The Information System Security Engineer (ISSE) will act as the frontline system administrator supporting customer systems and applications. Thisposition will support the CIO, ISSM, ISSO and validator with the maintenanceand enhancement of  systems and architecture to achieve and maintainCertification and Accreditation or other DOD compliance requirements.

•   Perform Information Assurance tasks required for DIACAP Certification & Accreditation (C&A) and RMF Assessment & Authorization (A&A) processes for USNB systems. (Systems include, but are not limited to: Macintosh and Windows workstations/laptops, Apple iPads, routers, switches, livestreaming and audio-visual peripheral and embedded equipment, public facing internet connected, network connected and cloud-based systems.) 
•   Perform system configuration, testing, and develop documentation to be used in the DIACAP/RMF overall process.
•   Support the Chief Information Officer (CIO), Information System Security Manager (ISSM), and Information System Security Officers (ISSO), in review and analysis of information assurance/cybersecurity task orders, policies, Cybersecurity Inspections (CSI), and directives; attend ad-hoc meetings, as required by CIO/ISSM.
•   Perform Information System Security Engineer (ISSE) tasks and support customer SSM/ISSO in support of DIACAP/RMF process for customer Stand-alone systems or internet based, or cloud based systems.
•   Install software and hardware to maintain compliance with DOD requirements, remediate cybersecurity vulnerabilities, and perform break/fix to support system owners/users on for Apple Macintosh, IOS, and Microsoft Windows machines.
•   Execute the Assured Compliance Assessment Solution (ACAS) tool, the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), SCAP, Security Requirements Guides (SRGs) and additional testing as required or documented by DIACAP/RMF.
•   Implement security controls as directed by the Navy Security Control Assessor (SCA) & Navy Authorizing Official (NAO) Cybersecurity Authorization & Assessment (A&A) testing guidance.
•   Assist the Validator in the development of the Security Authorization Package; including creation of all artifacts required for DIACAP/RMF for authorizations with a goal of full Authority to Operate (ATO).
•   Assist customer activities with maintaining required security updates to systems not centrally located at the Washington Navy Yard. Create and maintain security practices documentation to standardize system administration and maintenance across the various customer field activities.
•   Enter and keep up to date the Security Authorization Package, security controls and required artifacts into eMASS.
•   Participate in DIACAP/RMF meetings and collaboration sessions with customer activities, Echelon II, Navy’s Authorizing Official (NAO) and Security Control Assessor (SCA) and SCA Liaison.
•   Working with the customer ISSM/ISSO and the validator, ensure that the actions required by the Plan of Action and Milestone (POA&M) are implemented appropriately to ensure the continued risk and security posture of customer systems.
•   Support the periodic documentation of any DOD/DON waivers or reporting requirements, as required (e.g. HBSS, PKI, PPSM or GIG).
•   Stay current with cybersecurity policies, directives and task orders; support USNB in technical execution of new cybersecurity directives, as required.
•   Provide System Administrator support to the customer Washington DC headquarters and Navy Fleet Band Activities, including configuration maintenance, system hardening, and fielding ad-hoc support requests.
•   Provide and maintain hardened system images for both the Headquarters and Fleet Band public affairs office (PAO) and audio system laptops. Provide technical support to HQ and Fleet Band staff as necessary.
•   Provide training to both HQ and Fleet customer musician staff, in system hardening, vulnerability scanning, and cyber security system lifecycle maintenance for Apple Macintosh, IOS, and Microsoft Windows machines
•   Support CIO/ISSM during fielding of new technology, to include providing Navy Cyber Security Impact, Security Evaluation, and Technology Recommendations.

 Qualifications: 

Secret clearance and cybersecurity qualifications required on day of start. The Information System Security Engineer (ISSE) will have 3 years of experience with system/network administration and IT asset management. Candidates for this position will have documented experience with the DoD Risk Management Framework (RMF) process working on Department of the Navy (DON) systems. The candidate will have experience applying system and/or network updates where necessary to comply with update security notices and requirements for Certification and Accreditation. Contractors shall be prepared to serve as experts in full performance of all Information System Security Engineering (ISSE)/System Administration tasks on day one as they will be primary cybersecurity staff at the command.

Netizen requires support to serve as a Navy Information System Security Officer (ISSO) for standalone systemsand websites, including all standalone cloud-based systems. This individual will perform tasks required by the Navy’s Risk Management Framework for the role required by an Information System Security Officer (ISSO) for standalone, non-enterprise or cloud-based systems.

•   Maintains systems’ assessment & authorization (A&A) documentation & document statuses for preserving assets’ Authority to Operate (ATO).
•   Perform annual security reviews of systems under RMF authorization, to ensure validation of  systems’ security controls during Continuous Monitoring testing
•   Manage systems’ POA&Ms to ensure systems and process vulnerabilities are properly tracked, mitigated, and/or resolved
•   Provides assistance with identification of the systems’ security control baselines, and any applicable overlays
•   Implements systems’ updates, as required within Enterprise Mission Assurance Support Service (eMASS)
•   Support and advise command information officer (CIO) or ISSM on matters relating to security vulnerabilities, threats and assessment of new requirements for all systems.
•   Supports the ISSM and CIO with the DON Cyber Scorecard reporting requirements.
•   Represent the customer as ISSO to Fleet Cyber Command and other organizations to obtain or maintain Authority to Operate (ATO).
•   Support ISSM in updating existing waivers, as required as part of RMF process for system(s) accreditation (including, but not limited to, HBSS, PKI and DODIN waivers).
•   Support transition of any existing DIACAP accredited systems to the new Risk Management Framework (RMF) accreditation process.
•   Support the ISSM and CIO in completing the DOD Cyber Scorecard.
•   Provide input to and advise command Cyber Configuration Board; ensuring all changes meet cybersecurity guidelines.
•   Develop and document a Vulnerability Remediation and Management (VRAM) to include machine scanning, remediation, tracking, documentation and scan upload processes for the Department of Navy’s VRAM program.
•   Serve as Vulnerability Remediation and Management (VRAM) System Administrator.
•   Ensure cybersecurity scans are performed, as required by Fleet Cyber Command, on all standalone systems and are uploaded into the VRAM database per Fleet Cyber Command/10^th Fleet requirements.
•   Regularly monitor the VRAM database for system vulnerability alerts and task orders and execute required actions per directive.  Notify all stakeholders of actions required to meeting directive. 
•   Install, operate and maintain cybersecurity scanning tools and testing machines; including ACAS, Nessus, Security Center, SCAP and DISA STIGs. 
•    Perform risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, configuration deficiencies, and protection needs for standalone systems, per DISA STIG, VRAM, Computer Task Orders, Information Assurance Vulnerability Alert/Bulletins (IAVA/IAVB’s).
•   Communicate with ISSM, other system ISSOs, Cyber Configuration Manager (CCM), Information System Security Engineer (ISSE), Validator, CIO and other organizational staff regarding status of system vulnerabilities and remediation requirements.
•   Oversee the implementation of security controls, patching, and manual configurations; perform ongoing tasks required to prevent, detect, analyze and respond to security incidents.
•   Update, create and maintain system security plan, disaster recovery plan, Incident Response Plan, and other SOP’s, or other directives required per DON / DIACAP / RMF guidelines.
•   Enter data into the Enterprise Mission Assurance Support Service (EMASS) in support of DIACAP and RMF package processing as ISSO.
•   Create and maintain ATO and Vulnerability Plan of Action & Milestones (POA&Ms) other documentation required in EMASS, VRAM to obtain and maintain Assessment & Authorization of Echelon II standalone and cloud based systems.
•   Provide input for FISMA, CyberScope, and other DON data repositories; responding to regular requests for data, as required.
•   Participate in regular Fleet Cyber Command EII Cyber Sync and other meetings concerning cybersecurity, VRAM and other training, meetings and working groups, as required by ISSM and CIO.

Qualifications:

·        Meet the training and certification requirements for InformationAssurance Management Level II as defined in the Information Assurance WorkforceImprovement Program (DoD 8570.01-M) and current training standards in place atthe time of task execution.

•   Maintain minimum CompTIA Security+CE and other IAM level II qualifications, as required, by DON Cyber Security Work Force directives.
•   Secret clearance and cybersecurity qualifications required on day of start.
•   Requires minimum 2 years Navy specific ISSO and Navy RMF experience.

The scope of this effort includes theperiodic maintenance, sustainment, and break/fix support for seven legacyaccess databases .  The databases reside on various networks, includingNMCI, OneNet, and NETC. Assist withmigration of legacy database information into a common format for ingest intoServiceNow platform, performing Normalization of the data for ingest and anydiscrepancies are to be cleared before import to the platform.

Position Description:  Position will be in support of multiple Microsoft Access databases utilized for supply, inventory, operations and informationsystems.  This role will beto:

·         Periodic maintenance, sustainment, andbreak/fix support for seven legacy access databases.

·        Assist with migration of legacy database information into a common format foringestion into ServiceNow platform. The contractor will normalize the data foringest and ensure all discrepancies are cleared before import to the platform.

·        Make recommendations to update andmaintain the applications/databases

·        Review updated requirements, document these requirements, and recommend further courses of action forupdated builds

·        Complete development/updates onapplications/databases in support of builds or issue/bug remediation

·        Maintain all documentation as required

·         Design,document, and develop alternative or new MS Access databases in support of customer mission.

Qualifications:

·        Secret Clearance

·        2-4 years of MS Access experience

·        Experience with development using VBA

·        Experience with development using SQL

·        Experience with setup and administrationof MS SharePoint site

·        Demonstrated experience with reportgeneration

·        Demonstrated experience with designing andupdating GUI of MS Access form

Information Systems Security Officer (Cybersecurity Engineer) - ACTIVE DOD SECRET CLEARANCE REQUIRED

Netizen Corporation is seeking an Information Systems Security Officer in the Orlando, FL area. This person will apply technical and functional expertise to perform on-site risk assessments and security engineering/advisory for DoD networks, information systems, and applications using standards such as DoD Directive 8510.01, DoD Instruction 8500.01, and NIST Publications. The ISSO (Engineer) will work as a member of a Team providing technical support to protect the DoD’s networks and information systems.

Primary Responsibilities:

· Serve as an Assessment and Authorization (A&A) and Security Engineering (SE) Subject Matter Expert (SME) with proficiency in DoDI 8510.01, Risk Management Framework (RMF) for DoD IT, and affiliated NIST security controls.

· Function as an Information Systems Security Officer (ISSO) advising federal and DoD clients on security protocols and compliance measures for a variety of systems.

· Assist with RMF assessments, including coordination, preparation, execution, and concluding documentation.

· Utilize DoD Information Assurance (IA) scanning tools and techniques (i.e., Nessus, SCAP, STIG Checker, etc.).

· Demonstrate knowledge of network devices and interconnections (i.e., routers, switches, IDS/IPS, firewalls, DNS).

· Demonstrate technical experience in identifying and mitigating and/or remediating vulnerabilities or misconfigurations.

· Perform system administration functions on various operating systems, including Linux, Unix, and networking devices.

· Communicate complex technical and programmatic information to a wide audience, often in the form of verbal and visual updates, technical reports, and/or briefings. Documentation, presentation, and public speaking skills are required.

· Apply understanding of cyber security concepts, practices, and tools to administer classified and unclassified DoD networks and information systems.

· Maintain on-going awareness of emerging cybersecurity threats and trends.

· Develop and maintain the necessary technical documentation and standard operating procedures (SOPs).

Experience:

· At least 7 years of specialized DoD IT/cybersecurity experience.

· At least 4 years of experience conducting NIST RMF assessments and security engineering support.

· Functional knowledge of DoDI 8510.01, CNSSI 1253, NIST 800-53 rev4, and associated controls.

· Knowledge of emerging cybersecurity threats and trends, including an ability to describe highly publicized cyber intrusions within the last year.

· Familiarity with networking, systems administration, and systems engineering practices and technologies.

· Familiarity with Electronic Mission Assurance Support Service (eMASS).

Education Requirements:

· Minimum of an Undergraduate Degree in Computer Science, Computer Engineering, or related engineering-focused discipline is highly preferred.

Certification Requirements:

· I AM Level III  (CISSP certification)

Security Clearance:

· U.S. Citizenship is required.

· Must possess an ACTIVE DoD Secret security clearance. All reported clearances will be validated prior to making an offer of employment.

· Secret Clearance REQUIRED

 Netizen is seeking a talented software engineer with experience in both front-end and back-end software application design, development, testing, and deployment using JavaScript and Python programming languages and associated frameworks such as Django/Flask. This person will be responsible for enhancing and supporting a suite of cybersecurity tools. To be considered, all candidates must have current authorization to work in the U.S. and pass a comprehensive background check.

Position requirements:

•   At least 3 years of general software engineering experience with Python and frameworks such as Django or Flask
•   Experience with SaaS systems integration through secure APIs leveraging REST and other protocols
•   Experience with DevOps practices and tools
•   Understanding of basic systems administration for Linux in cloud-hosted environments
•   Combination of back-end architecture and basic front-end design experience is preferred
•   Experience with the administration of PostgreSQL databases and related ecosystem of tools. 
•   Understanding of Agile methodologies for software development
•   Experience with software test/assurance tools and methodologies (QA and test/validation)
•   Ability to communicate clearly and professionally, both orally and in writing
•   Ability to refine business requirements into technical schematics and documentation as needed in addition to producing functional, secure, and high quality code
•   Capable of designing and implementing refined software engineering processes across an enterprise
•   Ability to get up to speed quickly on an existing codebase and produce new features on a sometimes accelerated timetable with quality code, documentation, and other required deliverables
•   A familiarity with NIST RMF and cybersecurity practices, tools and principles is STRONGLY preferred
•   Experience with designing, developing, and deploying Machine Learning models using Tensorflow/Keras a MAJOR PLUS

Education:

•   A 4-year degree from an accredited institution of higher education (college, university, etc.) in Computer Science or a related field is highly preferred for this position. This is waiverable with at least 4 additional years of software engineering experience at an enterprise level.
•   A technical cybersecurity certification such as CISA, CISSP, or CISA is a plus

This position is subject to pre-employment screening using common software engineering problem-solving tests.