Information Security Officer / ISSO - CFT L3

JOB SUMMARY: The NASA SES III contract provides ETD IT services for engineering facilities and labs. These tasks include maintaining the system and infrastructure security, documentation of the infrastructure and the support of projects as requested. This task includes maintaining, developing, and documenting software required for environmental testing, data analysis, and visualization as needed.

The areas that will be supported include but are not limited to: Center Network Environment (CNE) support, Special Management Attention (SMA) flight project support, Spacecraft Testing Complex (STC) and Advanced Manufacturing Group (AMG) support.

Location: This position is located at NASA Goddard Space Flight Center in Greenbelt, MD. This position is primarily on-site with some telework allowed.

PRIMARY DUTIES:

• Support the Special Management Attention (SMA) flight projects by maintaining the Space Testing Complex (STC), the System Security Plan (SSP) and Authority to Operate (ATO) and providing the infrastructure necessary to support each flight project such as firewall rules, switches, security cameras, etc.
• Support the NASA mandate to move the STC Operational Technology (OT) systems into the IT system boundary by integrating OT into the STC Configuration Management (CM) process. This includes helping the test disciplines migrate to ethernet based devices for speed and reliability; updating the SSP using NIST overlays to include specific ICS control guidelines; and ensuring that security postures and systems are updated to include OT.
• Support STC in maintaining its ATO by performing the required Continuous Monitoring (CM) processes mandated by the approved CMP, which is part of the overall STC approved SSP. The CM processes include maintenance, license management for software (SW) used by code 527 I&T staff and 527 I&T support personnel, updates to hardware (HW) / SW, and related devices, reporting and security controls testing. Updates may include technology refresh to STC IT equipment / SW that is reaching end of life, and new technology that may improve the functionality / security of the STC.
• Maintain the SSP and all associated documentation as required by the most recent revision of NIST SP-800-53.
• Maintain various systems such as the data system servers, data support systems, test facility systems, backup systems, archival systems, STC specific network infrastructure, etc.
• Manage Windows updates and patch management for both the NDC network and the STC isolated network ensuring security compliance while minimizing disruption to operational project work.

REQUIREMENTS:

• Extensive knowledge of FISMA and FISMA/2014 NIST guidance, including Special Publications (SP) series and Federal Information Processing Standards (FIPS).
• Extensive experience in preparing and maintaining system security documentation to include, but are not limited to, System Security Plan (SSP), Risk Assessment Report (RAR), Contingency Plan (CP), CP Test Report, and Plan of Action and Milestones (POA&M) reports.
• Expertise in PKI certificate management and the administration of network security groups across multiple environments.
• Proficient knowledge of Check Point firewall technology with the ability to create, modify, and manage firewall rule sets while maintaining security posture and ensuring network protection is not compromised.
• Experience with Splunk for log management and analysis. Possess working knowledge of Epicor ERP software to support enterprise resource planning operations.
• CISSP certification for advanced information security management capabilities.

RELEVANT EXPERIENCE: 15 years of system administration, systems engineering, ISSO, or software development experience.

EDUCATION/CERTIFICATION: BS degree or equivalent experience, in computer sciences, engineering or mathematics.

SECURITY CLEARANCE: US Citizenship is required. Ability to obtain Public Trust clearance.

ABOUT US: At MCSG Technologies, we believe the path to success begins by empowering our employees to do what is best for our customers. This helps create value for our customers and business partners through efficiencies and cost effective relationships that are built on trust, while delivering on-time and within budget. Our company ethos is simple Empowered to serve our customers, our communities, our colleagues. If you would like to learn more, please visit our website at www.mcsgtech.com or find us on Glassdoor.

BENEFITS OFFERED: Medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, EAP, parental leave, paid time off, holidays and more. Learn more about MCSG Technologies benefits: https://www.mcsgtech.com/benefits/.

COLORADO'S EQUAL PAY ACT: In compliance with Colorados Equal Pay for Equal Work Act; MCSG Technologies considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidates work experience, education/training, and key skills.

EOE STATEMENT: We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, disability status, protected veteran status or any other characteristic protected by law.

PAY TRANSPARENCY NONDISCRIMINATION PROVISION: The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c)