Title: ISSM – Expert
Location: Chantilly, VA
*Clearance: *Active TS/SCI w/ Polygraph needed to apply *
Cornerstone Defense, in partnership with our military, intelligence, and civil government customers, supports U.S. operations worldwide through the use of many different types of intelligence, satellite, and cyber technologies. Cornerstone’s Intelligence Sector provides solutions to the United States Government for information collection, operations, exploitation and dissemination, and research activities. Our Team specializes in software development, cloud architecture, systems and network engineering, systems integration, agile management, as well as targeting operations and intelligence analysis. Our support to our mission customers includes cyber network operations, exploitation and defense, signals intelligence, human intelligence, and critical missions and networks.
Act as a technical management resource for information system security matters. Provides technical and programmatic Cyber Security and Information System Security Management Services to internal and external customers in support of network and information security systems. Ensures the development and implementation of information security policy, requirements, and procedures within an organization’s business processes. Reviews documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
Provides assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation. Conducts complex vulnerability assessments to include; development of risk mitigation strategies with the customer; adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment. Reviews system configurations and scan tool results in order to determine system compliance and report results.
Analyzes policies and procedures against Federal laws and customer regulations and provides recommendations for closing gaps. Develops strategies to comply with privacy, risk management, and e-authentication requirements. Provides cyber security and information system security support for the development and implementation of security architectures to meet new and evolving security requirements. Evaluates, develops and enhances security requirements, policy and tools. Provides assistance in computer incident investigations. Performs vulnerability assessments including development of risk mitigation strategies.
d. Required Qualifications
• TS/SCI w/ poly
• Requires 12 to 15 years with BS/BA or 10 to 13 years with MS/MA or 10+ years with PhD
• Candidate shall demonstrate strong experience with customer's Assessment and Authorization (A&A) process (e.g. RMF, NIST800-53, ICD503)
• Candidate shall demonstrate strong understanding of Cyber Security Policies
• Candidate shall have strong understanding of Networks and IT systems
• Candidate shall demonstrate strong communication skills
• Candidate shall demonstrate experience working with and across teams and handling multiple projects at once.
• Candidate shall demonstrate understanding of strong security practices and working with Security Officers
• Candidate should have accreditation tool experience (e.g., Xacta, Nessus, AppDetective, WebInspect)
• Candidate should have professional certifications (e.g., CISSP, CISM, CASP, CISA, Security+)