Information System Security Officer
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
Octo, an IBM company, is an industry-leading, award-winning provider of technical solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government’s most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.
Our team is what makes Octo great. At Octo you’ll work beside some of the smartest and most accomplished staff you’ll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!
Are you a self-motivated and experienced Information Systems Security Officer (ISSO)? Are you looking for a significant career growth opportunity? You will be joining the team that is deploying and delivering a cloud-based, multi-domain Common Data Fabric (CDF), which provides data sharing services to the entire DoD Intelligence Community (IC). The CDF connects all IC data providers and consumers. It uses fully automated policy-based access controls to create a machine-to-machine data brokerage service, which is enabling the transition away from legacy point-to-point solutions across the IC enterprise.
Octo offers modern approaches to solve your toughest challenges. We believe the status quo can be improved, and we’ve made it our job to use emerging technology to help our customers achieve their objectives with the most modern systems and software possible. That’s why our digital solution innovators develop transformative, scalable solutions to make sure your agency is always a step ahead.
The CDF program is an evolution for the way DoD programs, services, and combat support agencies access data by providing data consumers (e.g., systems, app developers, etc.) with a “one-stop shop” for obtaining ISR data. The CDF significantly increases the DI2E’s ability to meet the ISR needs of joint and combined task force commanders by providing enterprise data at scale. The CDF serves as the scalable, modular, open architecture that enables interoperability for the collection, processing, exploitation, dissemination, and archiving of all forms and formats of intelligence data. Through the CDF, programs can easily share data and access new sources using their existing architecture. The CDF is a network and end-user agnostic capability that enables enterprise intelligence data sharing from sensor tasking to product dissemination.
Primarily responsible for the security accreditation of CDF components and instances, to include validation and maintenance of all Information Assurance (IA) requirements mandated ISO a defense organization’s business systems environment. In this role, you will:
- Coordinate the accreditation and delivery of the assembled enterprise data capabilities across all platforms, and perform continuous monitoring of the fielded solutions
- Work with CDF Platform / systems engineers to remediate security defects in a timely manner on any open findings for all development, test and production systems
- Monitor ACAS and CMRS weekly reports, Information Assurance Vulnerability Alerts (IAVAs), Cyber Tasking Orders, and vendor announcements for alerts and forward relevant alerts to the Operations and Maintenance teams for mitigation and response
- Prepare IA documentation for Government representatives to include authorization change requests, Security Technical Implementation Guide (STIG) reports, or any other IA pertinent documents
- Create the needed evidence in A&A packages for submission into the required registry databases and author documents and diagrams to satisfy the corresponding NIST SP-800-53 controls associated with the information security targets for Confidentiality, Integrity, and Availability (CIA).
- Work with the PMO and IA stakeholders to maintain Authorities to Operate (ATOs) for multiple systems
- Provide input into the Federal Information Security Management Act (FISMA) reporting, and work with the PMO in addressing any identified vulnerabilities.
- Facilitate and/or conduct drills or table-top exercises such as Continuity of Operations (COOP), spillage, or other events
Years of Experience: 8 years of experience.
Education: Bachelor’s degree in Systems Engineering, Computer Engineering, or a related technical field (Preferred)
Location: Chantilly, VA (on-site)
Clearance: Active TS/SCI with the ability to obtain CI POLY
Required Technical and Professional Expertise
- 7+ years hands-on experience obtaining and maintaining security accreditation for Linux-based software systems and capabilities, including documenting and reviewing Security Controls and Test Plans, and using the Xacta cyber risk management tool
- DOD 8570 IAT Level II Certification (Security+) or the ability to obtain the certifications within 90 days.
- Understanding of Risk Management Framework (RMF) and IC Authority to Operate (ATO) and Interim Authority to Test (IATT) processes
- Working knowledge and experience with security certification, ICD 503, NIST 800-53 security controls, and DISA Control Correlation Identifiers (CCIs) Security Technical Implementation Guides (STIGs)
- Proven expertise obtaining ATOs and IATTs on IC programs (desired)
- Demonstrated understanding and commitment to modern Continuous ATO processes (desired)
- Advanced organizational skills with the ability to handle multiple assignments
- Strong written and oral communication skills
- Strong critical thinking skills with inquiring mind / inquisitive nature
- Microsoft Office proficiency
- Clearance: Active TS/SCI with the ability to obtain CI POLY
Preferred Technical and Professional Expertise