Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies. We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs. As part of our ongoing support to Navy Ship HM&E Systems and related Cyber Security requirements.
Oasis Systems has an exciting opportunity for a Full Time Information System Security Specialist III to support the Naval Surface Warfare Center Philadelphia Division’s Cybersecure Machinery Control Systems & Networks Department for the US Navy, USCG, NOAA, and Foreign Military Sales (FMS) Machinery Controls, Navigation, Casualty Control, Conditioned-Based Maintenance, and Network Systems on all US Navy Surface Combatant, Amphibious, and Aircraft Carrier ships, as well as NOAA vessels and USCG cutters. NSWCPD Department 50 supports the development, modernization, acquisition, and life cycle maintenance of Control Systems across all ship platforms.
REQUIRED QUALIFICATIONS: (Education, Certifications, Experience, Skills)
This candidate must have experience with the following:
- EXPERIENCE LEVEL: Five (5) years of professional experience within industry in Cybersecurity related field
- EDUCATION: Bachelor of Science (BS) Degree in an Engineering, Business, or Computer Science from an accredited college or university.
- CERTIFICATIONS AND TOOLS: Must have one of the following: CASP or CAP or Security Plus or SSCP
- SECURITY CLEARANCE: Must have and maintain at a minimum SECRET security clearance.
- TRAVEL: The primary places of performance will be at NSWCPD in Philadelphia as well as locally in Norfolk, VA and Panama City, FL. Occasional travel may be required to the following locations: Washington, DC, Norfolk, VA, San Diego, CA, Yokosuka, Japan, Mayport, FL, Pascagoula, MS, Honolulu, HI, Baltimore, MD, Sasebo, Japan, Seattle, WA, Jacksonville, FL, Panama City, FL, Alameda, CA, Kittery, ME, Boston, MA, Charleston, SC, Cheboygan, MI, Key West, FL, Yorktown, VA, Kodiak, AK.
- Must have three (3) years of professional experience within industry with working knowledge of the Risk Management Framework (RMF) process and/or prior experience with the Defense Information Assurance & Certification Accreditation Process (DIACAP).
- Must have three (3) years of professional experience within industry with security policies & guidance documents to assist with the preparation and maintenance of process artifacts, traceability documents purposed for compliance with Authority to Operate (ATO) requirements.
- Working knowledge of the Navy Ship Control Systems, Naval Sea System Command, Naval Surface Warfare Center and Fleet organizations is highly desired.
JOB RESPONSIBILITIES: Functionally, the successful candidate will:
- Provide technical services in support of delivering cyber-secure systems and solutions including the development and submittal of Risk Management Framework (RMF) risk assessments, implementation of DoD secure system configuration and hardening requirements identified in Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs), Assured Compliance Assessment Solution (ACAS) vulnerability assessments, anti-virus (AV) scanning, SEP artifacts, and other supporting documentation required for certifying and maintaining afloat, LBES, LBTF, RDT&E, and/or enterprise platforms.
- Develop RMF Assess & Authorize (A&A) package documentation in accordance with DoD/NAVSEA directives, which includes the following components: Platform Information Technology (PIT) Determination Package documentation, System Categorization Form, Information System Continuous Monitoring Strategy (ISCM), Security Plan (SP), Step Concurrence forms, Plan of Actions and Milestones (POA&M), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Authorization Package, CYBERSAFE Certification, Package Endorsement Letters, and any additional administrative/technical resources required for submission.
- Ensure RMF A&A package is submitted to the certification authority (CA) in sufficient time for review and operational cybersecurity risk recommendation to obtain Designated Accrediting Authority (DAA) authorization decision prior to operations or tests on a live network (i.e. LBES or shipboard).
- Develop, maintain, and execute all IA related tasks and duties in accordance with regulations to include the development and execution of DIACAP/RMF Program to POA&M or STIG.
- In accordance with RMF, monitor and maintain the security posture of IT systems to include patching, implementing STIGs, analyzing network traffic, and applying new physical security measures.
- Develop and/or test new and existing security features to be implemented into the control system operating environment and/or software.
Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.