Careers

All new hires in technology and engineering positions are eligible for hiring bonuses! 

Position:  Information System Security Officer (ISSO) – Senior

MINIMUM SECURITY CLEARANCE: Top Secret*

LOCATION: Washington D.C.

JOB ID: 22-028

CLOSING DATE: Until Filled

STATUS: Employee / Full Time

SUMMARY DESCRIPTION:  

Envisioneering, Inc. is seeking an Information Systems Security Officer (ISSO) to support an active government contract.  This position will be responsible for the following:

  • Lead the RMF process for assigned programs, organizations, systems, or enclaves.
  • Maintain and report system’s A&A status and events.
  • Manage the SP for assigned systems throughout their lifecycle.
  • Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
  • Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved.
  • Assist with identification of the security control baseline set and any applicable overlays.
  • Supervise the validation of security controls with the PM/ISO, SCA Liaison, PSO, and AO CSA.
  • Assemble the Security Authorization Package and submit for adjudication.
  • Register and maintain the system in eMASS.
  • Assess the quality of security control implementation against all requirements in accordance with the approved SLCM strategy.
  • Plan and perform cybersecurity testing to assess security controls and recording security control compliance status during sustainment.
  • Report changes in the security posture of systems to the AO.
  • Utilize the Collaboration Board in eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
  • Assist the ISSMs in executing their duties and responsibilities.
  • Ensure compliance with all USN, DON, and DoD cybersecurity policies.
  • Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access.
  • Ensure an incident response, business continuity, disaster recovery, as well as vulnerability and threat reporting plans and channels are in place and that team members are trained accordingly.
  • Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals.
  • Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).

 

Assist the ISSE with the following responsibilities:

  • Oversee the development and maintenance of a system’s cybersecurity solutions.
  • Identify AO and SCA cognizance (i.e. FAO or NAO, and FSCA or SCA) of the system as well as any specific authorization requirements such as reciprocity, cross domain, and applicable overlays to support System Categorization.
  • Identify mission criticality.
  • Identify and tailor the security control baseline with applicable overlays.
  • Assist with development, maintenance, and tracking of the SP.
  • Lead the security control implementation and testing efforts.
  • Perform vulnerability-level risk assessment on the POA&M/RISK Assessment Worksheet.
  • Assist with any security testing required as part of A&A or annual reviews.
  • Assist in the mitigation and closure of open vulnerabilities under the system’s change control process.
  • Oversee cybersecurity testing to assess security controls and recording security control compliance status during the continuous monitoring phase of the lifecycle.
  • Make data entries into the eMASS record and POA&M consistent with implementation results.
  • Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process.
  • Detailed findings will be posted in the Artifacts tab (if necessary).
  • Rework shall be documented and provided to the PSO/PMO for review.

Assist the ISSM with the following responsibilities:

  • Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs).
  • Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
  • Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
  • Advise senior management (e.g., CIO) on risk levels and security posture.
  • Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture.
  • Collect and maintain data needed to meet system cybersecurity reporting.
  • Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
  • Ensure security improvement actions are evaluated, validated, and implemented as required.
  • Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
  • Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
  • Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
  • Identify alternative information security strategies to address organizational security objective.
  • Identify information technology (IT) security program implications of new technologies or technology upgrades.
  • Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.
  • Manage the monitoring of information security data sources to maintain organizational situational awareness.
  • Oversee the information security training and awareness program.
  • Participate in an information security risk assessment during the Security Assessment and Authorization process.
  • Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
  • Provide system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
  • Recognize a possible security violation and take appropriate action to report the incident, as required.
  • Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
  • Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.
  • Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
  • Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.
  • Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
  • Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.
  • Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
  • Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
  • Ensure all acquisitions, procurement’s, and outsourcing efforts address information security requirements consistent with organization goals.
  • Forecast ongoing service demands and ensure security assumptions are reviewed as necessary.
  • Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
  • Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
  • Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.
  • Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
  • Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
  • Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.
  • Evaluate cost benefit, economic, and risk analysis in decision making process.
  • Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
  • Interpret and/or approve security requirements relative to the capabilities of new information technologies.
  • Lead and align information technology (IT) security priorities with the security strategy.
  • Lead and oversee information security budget, staffing, and contracting.
  • Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
  • Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
  • Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection.
  • Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
  • Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
  • Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters.
  • Recommend policy and coordinate review and approval.
  • Use federal and organization-specific published documents to manage operations of their computing environment system(s).
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.

MINIMUM SKILLS / QUALIFICATIONS:

  • Must have and maintain a DoD Top Secret Clearance.
  • 15+ years of technical and managerial experience in system administration and information security/cybersecurity.
  • CISSP, CISM, or other DOD 8570.01-M IAM Level 3 certification.
  • Bachelor’s degree with a concentration in a related discipline (e.g., information security, cybersecurity, information technology)
  • Self-motivated and the ability to multi-task and balance multiple goals and priorities.
  • Must be familiar with DOD Risk Management Framework (RMF) policies, standards, procedures and have relevant experience with associated tools (e.g., eMASS, XACTA 360, Assured Compliance Assessment Solution (ACAS), Anchore, DISA Security Technical Implementation Guides (STIGs), SCAP Compliance Checker (SCC), STIG Viewer, eMASSter, Eval STIG).

PHYSICAL DEMANDS:

  • Sedentary/10 lbs. maximum. Occasional life/carry of small articles. Some occasional walking or standing may be required.

EDUCATION:

  • Bachelor’s degree with a concentration in a related discipline (e.g., information security, cybersecurity, information technology)
  • CISSP, CISM, or other DOD 8570.01-M IAM Level 3 certification.

BENEFITS: Envisioneering, Inc. offers a stable work environment, a competitive salary, and a comprehensive benefits package effective date of hire; including 401k, Medical/Dental/Vision, FSA, Short Term, Long Term, AD&D and Life insurance, (employer paid), voluntary life, Tuition Reimbursement, Paid Leave, Holidays and much more.

AS A CONDITION OF EMPLOYMENT: You must pass a drug and pre-employment drug screening. U.S. Citizenship Required. Candidate must follow all company and non-DOT Drug and Alcohol Testing.

*A Department of Defense (DoD) Top Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required.  Please confirm in your cover letter or resume.

EQUAL EMPLOYMENT OPPORTUNITY: Envisioneering Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity, or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Envisioneering stands in support of equality for and advancement of all people based solely upon the merits of abilities and actions alone, without regard to race, creed, color, sex, age, national origin, or disability.

TO APPLY FOR THIS POSITION: Please submit a current resume with salary requirements @ https://envisioneeringinc.com/   Resumes held in strict confidence.

ACCESSIBILITY ACCOMMODATION FOR APPLICANTS: If you are a job seeker with a disability and require a reasonable accommodation to apply for one of our jobs, please contact Human Resources (HR) (hr@envisioneeringinc.com) to request the appropriate accommodation.

Equal Employment Opportunity

Pay Transparency Non-Discrimination Provision

 

#IT – SECURITY

Job Application

VOLUNTARY SELF IDENTIFICATION, EQUAL EMPLOYMENT OPPORTUNITY (EEO) FORM

Qualified applicants are considered for employment without regard to race, religion, sex, national origin, age, marital status, sexual orientation, veteran status, disability, or other protected characteristic.

Envisioneering, Inc. is subject to certain governmental recordkeeping and reporting requirements for the administration of civil rights laws and regulations. In order to comply with these laws, we invite employees to voluntarily self-identify their race or ethnicity. Submission of this information is voluntary and refusal to provide it will not subject you to any adverse treatment. The information obtained will be kept confidential and may only be used in accordance with the provisions of applicable laws, executive orders, and regulations, including those that require the information to be summarized and reported to the federal government for civil rights enforcement. When reported, data will not identify any specific individual

This form will be kept in a confidential file separate from your application for employment.

Gender Identification (check one)
Select all the following categories with which you identify

VETERAN SELF-IDENTIFICATION FORM

Envisioneering, Inc. is a federal contractor subject to the Vietnam Era Veterans Readjustment Assistance Act of 1974 (VEVRAA), as amended, which requires that federal contractors take affirmative action to employ and advance in employment qualified individuals without discrimination based on a covered veteran status. To fulfill statistical reporting and affirmative action monitoring requirements, Envisioneering invites you to voluntarily identify your veteran status by answering the questions below. Submission of this information you submit will be kept confidential as required under applicable federal and state law. Should you decide not to self-identify at this time, you may do so at any time in the future.

Please check all that apply to you:

Voluntary Self-Identification of Disability

Form CC-305
OMB Control Number 1250-0005
Expires 5/31/2023

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp .

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.
Disabilities include, but are not limited to:

Autism
Autoimmune disorder,for example,lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS

Blind or low vision
Deafness
Cancer
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or hard of hearing
Depression or anxiety
Diabetes
Epilepsy
Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
Intellectual disability

Missing limbs or partially missing limbs
Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)

Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

Please check one of the boxes below:

Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

i Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Maximum upload size: 10MB
Attach Resume/ Upload your resume in doc,.docx or pdf format.
Disclaimer: I UNDERSTAND THAT I AM ABOUT TO SUBMIT PERSONAL INFORMATION OVER A NON SECURE WEB SITE.
*
CAPTCHA

Corporate Headquarters 5904 Richmond Hwy, Ste. 300
Alexandria, VA 22303
Mailing Address: Same
(571) 483-4100 Office
(703) 317-1970 Fax

Washington Navy Yard 810 Potomac Ave, SE, Ste. 311
Washington, DC 20003
(202) 747-3628 Office
(202) 827-4140 Fax

Human Resources 16543 Commerce Dr., Ste. 100
King George, VA 22485
(540) 663-3280 Office
(540) 663-2154 Fax

CUSTOMERS and OTHER LOCATIONS

Kentucky 160th Special Operations Aviation
Regiment (Airborne),
Fort Campbell

Georgia Hunter Army Airfield (HAAF)

Virginia Naval Surface Warfare Center
(NSWC) Dahlgren
King George
Office of Naval Research (ONR)

Washington D.C.Washington Navy Yard
Naval Sea Systems Command (NAVSEA)
Naval Research Laboratory (NRL)
Office of Naval Research (ONR)

Washington Bremerton/ Silverdale
Joint Base Lewis-McChord (JBLM)
Olympia

TOP



WEB DESIGN ALEXANDRIA VA | VISIONEFX