Description
HTX is looking for an individual who will be responsible full-time for all our infosec needs. This person will live, eat, and breathe security and have a large role in our long-term success. Reporting directly to company leadership, this role is for someone who thrives in a fast-paced, mature startup environment and has the desire to grow with us.
Responsibilities
- This position will be responsible for maintaining our Authority to Operate (ATO) approvals and Cybersecurity Impact Analysis (CIA) development and processing for various systems by adhering to the DoD RMF.
- This position supports cybersecurity efforts throughout the RMF Steps for one or more assigned programs to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls.
- Establish and implement security procedures and practices in support of organizational security and customer requirements.
- Develop and update Assessment & Authorization (A&A) documentation (Body of Evidence) for management and continuous monitoring of information systems.
- Using knowledge of the Information System (IS) and an understanding of established Information Assurance (IA) and Cybersecurity requirements, validate security policies and procedures outlined in the System Security Plan (SSP) and customer policies and regulations, and ensure local policies are followed.
- Initiate the authorization or re-authorization efforts and process for new or expiring systems and coordinate, schedule, and attend required meetings.
- Take corrective action to resolve problems identified and ensure systems are operated, maintained, and disposed of in accordance with established policies and procedures.
- Perform security audits in accordance with established procedures. Develop a process for the management, review, and retention of security audit data.
- Make decisions and implement corrective action as required to resolve audit discrepancies.
- Author, review, and update IS security-related documentation and submit it to eMASS.
- As an IA Subject Matter Expert (SME), provide critical thinking to ensure system security requirements are addressed during all phases of the System Development Life Cycle (SDLC).
- Conduct ongoing security reviews and tests of systems to verify security features and controls are functional and effective. Take corrective action to resolve identified vulnerabilities.
- Provide security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity), and advise the ISSM of the security relevance.
- Review and assist in remediating Security Technical Implementation Guide (STIG) checklists utilizing STIGViewer or SCAP tools.
- Create and maintain processes and procedures for use by members of the HTX team.
- Knowledgeable in National Institute of Standards and Technology (NIST) special publications and processes.
- Review and provide remediation suggestions for vulnerability scans such as ACAS and Nessus scans.
- Provide HR with security training recommendations and assist HR with confirming HTX team members are up to date with all necessary security training for day-to-day operations based on their roles and responsibilities.
- Coordinate with IT team regarding security compliance and protocols.
Skills
- Experience performing information system risk assessments and Enterprise Mission Assurance Support Service (eMASS).
- General understanding of computer networks, hardware, databases, applications, security components, computer operations, and operating system maintenance.
- Understanding of the DoD environment and familiarity with the DoD Acquisition System.
- Ability to mediate differing perspectives and develop consensus relating to cybersecurity principles and regulations.
- Ability to build bridges across organizational boundaries and communicate with technical and non-technical leaders across large complex organizations.
- High integrity, strong work ethic, and capable of building strong, trusting relationships.
Qualifications
- Experience as an Information System Security Officer (ISSO) and/or Information System Security Manager (ISSM) using the DoD Risk Management Framework (RMF).
- IAM Level II certification commensurate with DoD 8570.1M requirements.
- DoD Information Assurance Management (IAM) Level 2 certification required; Cyber Security Service Provider (CSSP) certification preferred.
- At least 2 years’ experience supporting cybersecurity efforts through the DoD RMF process.
- CISSP Certification.
- Educational degree in Cybersecurity, Computer Science, Information Technologies, etc.
- Experience or knowledge of Cybersecurity, networks, system components, system protocols, commercial hardware and software products, and software development.
- Experience developing external customer relationships and ability to communicate cybersecurity concepts and requirements with senior leaders.
- Effective organizational, time management, and communications skills (written and verbal).
- Pursuant to a government contract, this specific position requires U.S. citizenship.
This is a direct hire position.