Information Systems Security Officer / Compliance Analyst


Job Details

Information Systems Security Officer / Compliance Analyst in Washington, DC at Galapagos Federal Systems, LLC

**Location:**

**Experience:** Not Specified

Galapagos Federal Systems, LLC offers the complete ability to design, develop, test, prototype, and build customized solutions supporting our clients' core mission objectives. Our services include: Cloud Integration and Data Center Consolidation, Cybersecurity and Information Assurance, Advisory and Assistance Services, and IT Service Management. Galapagos provides large organization stability, capability, and 30+ years of IT management experience in combination with small business flexibility, agility, and customer care.

**Job Description**

**Position Title:** Information Systems Security Officer / Compliance Analyst

**Work Location:** Washington, DC

**Job Summary:**

Galapagos Federal Systems, LLC is looking to fill our Information Systems Security Officer/Compliance Analyst position. The Information Systems Security Officer/Compliance Analyst shall provide support in planning and managing the Defense Innovation Unit (DIU) acquisition programs. The candidate serves as the on-premises network and cloud-based services technical expert and security strategist, as well as client system, server, and application manager for systems supporting DIU personnel. The candidate must exercise technical responsibility for systems, including hardware, software, and cloud-based PaaS and SaaS applications used by DIU personnel. The candidate will be responsible for providing subject matter expertise in all cybersecurity initiatives and for helping to explain new guidance.

**Essential Duties and Responsibilities:** (Not listed in order of importance; other duties may be assigned):

* The candidate shall perform system administrative tasks to ensure DIU systems are performing optimally.

* The candidate shall manage software upgrades including security updates, virus updates, vendor related software fixes and patches.

* The candidate shall provide customizations to meet the various needs of different software application packages.

* The candidate shall perform hardware interface modifications when required.

* The candidate shall manage user IDs, passwords, log-on/access points, and access rights.

* The candidate shall analyze network equipment and software reliability and utilization reports for complex equipment and software systems to identify and correct problem areas.

* The candidate shall oversee the configuration and installation of network equipment and changes to the components of existing equipment for efficient operations.

* The candidate shall serve as liaison with Defense Information Systems Agency (DISA) and the office of the DoD Chief Information Officer to ensure the appropriate security compliance measures have been taken for its mission.

* The candidate shall create and provide technical documentation for physical and logical server topology for all information systems and associated applications.

* The candidate shall troubleshoot IT/network problems, including cloud-based Platform-as-a-Service and Software-as-a-Service, to determine mission impact and take corrective actions.

* The candidate shall provide information, recommendations, policy interpretation, and documentation in support of various security functions and special projects. Research relevant IT security related issues with respect to the potential impact on the DIU.

* Manage equipment such as servers, computers, mobile devices, data wall, network equipment, conference room equipment, PAN firewall, and Aruba network switches.

* Manage on-premises applications including, but not limited to, Traps EMS and VMware vSphere.

* Under general supervision, perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

* Develop plans to safeguard computer configurations against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

* Perform system security reviews and tests and write formal reports and follow up advisory memos.

* Receive reports on security breaches and take appropriate action to minimize harm and liability.

* Monitor, process, and inspect system and network data for computer and network usage policy compliance, system integrity, and incident response. Interface with the Information System Security Manager (ISSM) to report incidents.

* Deliver educational information to system administrators and users. Participate in the development and documentation of information security standards, best practices, and guidelines.

* Assist in the design of secure system and network architectures.

* Assist the Information Technology Department and Internal Audit in the development of appropriate criteria needed to assess the level of new/existing applications and/or technology infrastructure elements for compliance with enterprise security standards.

* Assist local area in applying best practices in securing the data and information systems under their control.

* Analyze, test, troubleshoot, and evaluate existing network systems, such as local area network (LAN), wide area network (WAN), and Internet systems or a segment of a network system.

* Perform network maintenance to ensure networks operate correctly with minimal interruption.

**Job Requirements**

**Qualifications:**

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Must be a U.S. citizen.

**Education and/or Experience/Skills Required:**

* Education: Bachelor's degree from an accredited university/college in Computer Science, Information Technology, Information Security, Cybersecurity, or related field

* Qualifications: FedRAMP and DoD Impact Level (IL) Certification & Accreditation (C&A)

* DoD 8570 IAT/IAM Level II certified

* Experience: Minimum of three (3) years experience accrediting commercial technologies via the Risk Management Framework (RMF) and FedRAMP/IL processes from both a packet preparation and assessor perspective.

* Minimum of three (3) years experience with eMASS and DITPR for population, tracking, and Plan of Action & Milestones (POA&M) staffing.

* Minimum of three (3) years experience with Information System Security Assessments, developing Risk Management Plans, assessing security architectures, and navigating FedRAMP and IL accreditation frameworks.

* Minimum of five (5) years experience providing ongoing life cycle Assessment & Authorization (A&A), Risk Management Framework and FedRAMP/IL support, to include eMASS entry, creation or updating of required artifacts, and coordinating validation efforts to support an Authorizing Official (AO) decision.

* Minimum of five (5) years experience assisting with multiple duties within the Plans, Programs, and Readiness (PPR) domain, including, but not limited to, sustainment/onboarding activities, policy development and support, program/project management, and FedRAMP/IL accreditation efforts.

* Certification Requirements: Security+

* Experience with DoD Risk Management Framework (RMF)

* Minimum 1-year experience as an Information Systems Security Officer

* Desired:

+ Minimum of one (1) year experience with ServiceNow and Google G Suite Enterprise.

+ Minimum of one (1) year experience collaborating and coordinating with other cyber elements to include the CSSP community.

+ Minimum of one (1) year experience preparing and conducting presentations.

+ Minimum of one (1) year experience as an Information System Security Officer (ISSO) or Information Manager.

+ Minimum of one (1) year experience with STIGs and justifying the technical need for applying each setting.

**Physical Re





 Honuservices

 06/01/2024

 All cities,WA