BE A SPARK IN OUR INDUSTRY
JOIN THE METRONOME FAMILY
Every individual has unique passions, career goals, and personal values. We are here to make the connection between those and the needs of our customers. When the stars align, we welcome our new employees - or Pulsers as we like to call them - to the family. We offer competitive benefits to ensure that our Pulsers are well taken care of for whatever comes their way.
Information Security Systems Engineer (ISSE)
- Job Title
- Information Security Systems Engineer (ISSE)
- Requirement ID
- Springfield, VA 22448
- Other Location
- Arnold, MO
Information Security Systems Engineer (ISSE) to support a large IT contract at its customer location in Springfield, VA. This ISSE role is part of larger team of ISSEs under the contract’s Security Team.
Required Security Clearance: TS/SCI
Required Certifications: DoD IAT Level II, i.e. Security+CE, CySA+, etc or above.
Required Education: HS/GED with 12 years’ experience, Associates with 10 years of experience, Bachelor’s degree and 4+ years of experience; or Master’s degree and 2+ years of experience.
- Understanding of risk management framework for ICD-503.
- Experience with the following systems/platforms/tools: XACTA (required); XACTA 360 (preferred); HBSS; ACAS; Nessus.
- Maintaining the accreditation of the assigned Security Plans to the ICD 503 RMF requirements
- Ensuring that the architecture and design of DoD information systems are functional and secure.
- Providing security subject matter expertise at all engineering, change, configuration control and other meetings.
- Participating in risk assessment during the certification and accreditation process.
- Provide assessment and authorization (A&A) services in accordance with ICD 503 Risk Management Framework.
- Collection and review of ACAS scans. Document and recommend mitigation actions
- Collection and review of STIG scans. Document and recommend mitigation actions
- Address identified and relevant controls from the IA Requirement Catalog (IRAC)
- Prepare Test Plan to address identified controls
- Experience with HBSS and how to create tags, look up equipment, apply tags and export reports
- Know how to use Tenable Security Center to retrieve reports from the Nessus Manager
- Support A&A compliance with: Information assurance policies standards and guidelines, Security risk assessments, Continuous monitoring, Continuity planning
- Develop/maintain security documentation per NGA/IC/DoD/Industry standards and policies
- Coordinate all A&A initiation and renewal activities working with the NGA Designated Authorization Official (DAO or DAOR)
- Perform decommission activities as required for assets and Security Plans.
- Address any Information Assurance or Cybersecurity notices, orders, taskings, or directives as required following the NGA operations vulnerability and patch management process.
- Attend and participate in weekly vulnerability and risk management meetings
- Ensure that all services, operational systems, devices and applications are compliant and sustain compliance with the most current Defense Information System Agency (DISA) security technical implementation guides (STIGs), Security Requirement Guides (SRGs), Information Assurance Vulnerability Management (IAVM) requirements, USCYBERCOM Operational Orders (OP ORDs) and approved security updates.
- Perform security audits and assessments – create of Plan of Action and Milestones (POAMs)
- Coordinate with System Administrators and others for the remediation of all vulnerabilities and report results. For any open vulnerability, document, obtain approval and status POAMs
- Update Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan.
- Participate in the development, implementation, and testing of disaster recovery methods and procedures for the ITDR Plan
- Conduct technical and administrative STIG/SRG reviews for all CCRI technology areas each quarter
- Assist in the preparation and deliver of monthly and quarterly Assessment and Compliance Status Reports
- Provide ad-hoc reporting to assist the Government in assessing readiness of all applicable UFS systems, applications, and devices in response to short notice/no-notice DISA, CCRI, Computer Network Defense – Service Provider (CND-SP), or other directed inspections/audits
- Support remediation of findings from routine NGA vulnerability scanning, A&A assessments, or inspections with NGA service providers to support USCYBERCOM 21-day remediation requirements.
- Support rapid patching deployment process and reporting for USCYBERCOM or vendor patches addressing zero-day exploit activities to support a 7-day remediation timeline as directed by the CSOC.
- Establish plans, procedures and technical measures for UFS design and infrastructure to provide Continuity of Operations Planning (COOP) and off-site backup capabilities in accordance with NGA Directive (NGAD) 3020.
- Ensure the UFS design and infrastructure meets all COOP and off-site backup requirements in accordance with NGAD 3020
- Coordinate and participate with NGA Operation Center and other identified service providers or contracts for any exercises or executions involving UFS.
- Able to research and evaluate new concepts and processes to improve performance. Analyzes cross-functional problem sets, identifies root causes and resolves issues. Assists more junior level technicians, specialists, and managers in their activities. Can perform all tasks of lower level technicians, specialists, and/or managers.
- Certification: CISSP, CASP, ITIL
- NGA experience desired
Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are normally set from Monday through Friday 8:00am to 5:00pm, however some extended or weekend hours may be required. Additional details on the precise hours will be informed to the candidate from the Program Manager/Hiring Manager.
May be required to lift and carry items weighting up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the work day.
Successful Completion of a Background Screening/Check/Investigation will/may’ be required as a condition of hire.
Employment Type: Full-time / Exempt
Metronome offers competitive compensation, a flexible benefits package, career development opportunities that reflect its commitment to creating a diverse and supportive workplace. Benefits include, not all inclusive – Medical, Vision & Dental Insurance, Paid Time-Off & Company Paid Holidays, Personal Development & Learning Opportunities.
An Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status. Metronome LLC is committed to providing reasonable accommodations to employees and applicants for employment, to assure that individuals with disabilities enjoy full access to equal employment opportunity (EEO). Metronome LLC shall provide reasonable accommodations for known physical or mental limitations of qualified employees and applicants with disabilities, unless Metronome can demonstrate that a particular accommodation would impose an undue hardship on business operations. Applicants requesting a reasonable accommodation may make a request by contacting us.
- Required Skills