Information Systems Security Analyst III
Amentum
Kennedy Space Center, Florida
Job Description
Supporting the Most Exciting and Meaningful Missions in the World
JOB DESCRIPTION/POSITION RESPONSIBILITIES:
The Information Systems Security Engineer is responsible for conducting structured security authorization and accreditation activities utilizing the Risk Management Framework (RMF) and in compliance with the Federal Information Security Management Act (FISMA) requirements. As a member of the Security Team, the candidate will review technical, management, and operational Security Controls in accordance with the National Institute of Standards and Technology (NIST) to ensure the completeness and effectiveness of the Systems’ Information Technology (IT) and Operational Technology (OT) and security solutions.
The Information Systems Security Engineer’s responsibilities include but are not limited to:
- Assignment as Information System Security Engineer (ISSE) for NASA hosted information systems
- Communicate and enforce security policies, procedures and safeguards for Industrial Control Systems (ICS) and OT Devices, Equipment, and Interfaces, based upon NASA and NIST requirements
- Ensure all Industrial Control Systems (ICS) and Building Automation Systems (BAS) are operated, maintained, and disposed of in accordance with security policies, best practices and NIST publication series NIST 800-37
- Ensure Configuration Management (CM) for security-relevant ICS and BAS software, hardware, and firmware is documented and maintained
- Manages Authorization Package artifacts, documentation and provides updates within the NASA Information Security Management System. Assist with obtaining and maintaining Authorization to Operate (ATO) for systems
- Ensure that system security requirements are complied with, unless waived, during all phases of the system lifecycles
- Establish audit trails and ensure their review, and make them available, when required, to the Chief Information Security Officer (CISO) or the Information System Security Manager (ISSM)
- Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
- Ensure general users and privileged users are trained in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
- Develop, implement, and enforce ICS security policies
- Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP)
- Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM)
- Supports security authorization activities in compliance with RMF
- Assist in the evaluation of security solutions to ensure they meet security requirements for processing sensitive information
- On occasion, work extended hours (other than normal business hours) to support contractual requirements to meet customer needs
- Must be able to work onsite at Kennedy Space Center (KSC) a minimum of 50% of required hours
REQUIRED SKILLS:
Must be able to obtain and maintain required government clearances/badges as required by program and position
Security+ Certification
Knowledge of PC operating systems and servers
Knowledge of Programmable Logic Controllers (PLC) and Direct Digital Controllers (DDC)
Experience with the NIST/FISMA regulatory and compliance requirements
Must be customer focused and possess the ability to identify issues, analyze, and interpret data and develop solutions to a variety of moderately complex technical problems
Experience with documenting test environments, requirements, results and POA&M resolution
Kennedy Space Center experience desired
EDUCATION/YEARS OF EXPERIENCE:
BS/BA in Computer Science, Information Systems or a Technical field preferred or experience or an equivalent combination of experience and education from which comparable knowledge and skills may be acquired.
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.