(626) Information System Security Specialist III

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Overview

The Specialist, Information System Security III (SISS3) will support the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as contractor staff through Arlo Solutions. This key personnel position provides senior-level cybersecurity expertise and technical execution in support of Propulsion, Power & Auxiliary Machinery Systems Cybersecurity requirements, with specific focus on Risk Management Framework (RMF) lifecycle activities, Assessment & Authorization (A&A), and ongoing compliance and assurance across Navy afloat and ashore environments. The SISS3 is responsible for the development, validation, implementation, and continuous monitoring of cybersecurity controls in accordance with Department of Defense (DoD), Department of Navy (DON), and Naval Sea Systems Command (NAVSEA) policy.

Work Location:  Primary: Philadelphia, PA; periodic travel to customer and operational sites may be required

Clearance:  Active Secret security clearance

Job Responsibilities and/or Success Factors

Cybersecurity Assessment and Implementation

• Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
• Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and Platform Information Technology (PIT) ashore systems
• Apply Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and perform Assured Compliance Assessment Solution (ACAS) scanning
• Implement security patches and configuration changes to obtain cybersecurity compliance and remediate vulnerabilities
• Perform analysis of logs, events, and reporting from various data collection tools including ACAS, Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems

Risk Management Framework (RMF) Support

• Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in Enterprise Mission Assurance Support Service (eMASS)
• Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status
• Document residual risks based on package content and assessment results for Security Controls Assessor review
• Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM)
• Ensure compliance with NIST SP-800-37, SP-800-53 Rev 4, DoD Instruction 8510.01, and NAVSEA Business Rules

Systems Security and Monitoring

• Conduct systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
• Monitor and assess impacts from observed cybersecurity risks and report via the Cybersecurity Program chain of command
• Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance
• Test systems to verify adequate functionality for mission and project requirements
• Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning

Technical Documentation and Reporting

• Develop technical documentation including vulnerability assessments, risk assessments, and security compliance reports
• Create and maintain system architecture diagrams, authorization boundary diagrams, and defense in depth diagrams
• Present and submit data to management, develop comprehensive reports, and produce procedural documentation
• Prepare security-related deliverables in accordance with contract CDRLs and government requirements

Operating System Administration

• Provide expert subject matter knowledge of Windows operating systems (Windows 11, 10, 7, XP, 2000, CE 6.0) and Red Hat Enterprise Linux
• Apply system configuration changes and software application updates as required by automated security assessment tools
• Identify, present, and implement improvements to operating system configuration settings to maintain secure operations
• Develop and enhance operating procedures, process guides, and system-level RMF Control Family Plans

Compliance and Coordination

• Ensure all security requirements and controls are implemented in accordance with DoD and Navy cybersecurity policies
• Coordinate with government personnel, system owners, and other stakeholders throughout the RMF process
• Support configuration control board practices and track deliverables per A&A guidance
• Maintain security clearance and comply with all security requirements specified in the contract

Education and Minimum Qualifications

• Must be a U.S. Citizen
• Active Secret security clearance
• Target Education: High school diploma or high school equivalency certificate
• Target Experience: Five (5) years of experience in the following areas:
  • Cybersecurity, Engineering, Test and Evaluation (T&E), or A&A related field
  • Information Assurance tools such as Defense Information Systems Agency (DISA) eMASS and ACAS
  • Microsoft Windows Operating System Administration, including Windows 11, Windows 10, Windows 7, and Windows XP (at a minimum)
  • Command line interface, PowerShell, and performing automated tasking through use of code
• Minimum Certification: Must demonstrate at least one of the following Information Assurance Technical (IAT) Level 2 certifications (acceptable certifications include: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP)

Continuing Professional Education Requirements

• Maintain current IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body
• Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified

Desired Qualifications

• Experience with Navy cybersecurity programs and RMF processes
• Familiarity with NIST Special Publications and DoD cybersecurity instructions
• Experience with eMASS, VRAM, ACAS, and other DoD cybersecurity systems
• Knowledge of Navy and DoD organizational structure
• Experience supporting NAVSEA or other Navy commands
• Professional experience in DoD or Navy environments

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.