Gray Analytics was founded in 2018 with a vision to bring innovative and creative solutions in the cybersecurity, IT, engineering, and scientific spheres. Our customers span across the commercial and federal domains with our goal being to bring excellent customer service to our clients and employees.
Without the bureaucracy that often exists in larger corporations, Gray Analytics offers increased work flexibility, visibility in company progress, and greater opportunities for advancement. It's with our employees' support that we can help our clients achieve mission and operational success.
At Gray Analytics, our goal is simple: to help our country, its businesses, and its organizations improve security in the Cyber realm. Period.
Position Title: ISSO - KV-HWIL
Location: Hybrid in Huntsville, AL
Status: Full-time; Exempt
Position Description:
Gray Analytics is seeking a talented Information Systems Security Officer (ISSO) to join a technology development program. We are looking for a self-starter with excellent technical skills to implement cybersecurity plans, policies, and security technologies, perform risk assessment and management, perform security audits and assessments, proactively prevent and rapidly respond to security breaches and incidents, and ensure compliance with relevant security regulations and standards.
This position will provide support to the Information Systems Security Manager (ISSM), Government Customers and Stakeholders, Program Management and DevSecOps engineers. This position requires cognizance of multiple on-prem and cloud computing ecosystems in accordance with Defense Counterintelligence and Security Agency (DCSA) accreditation standards and guidance.
The candidate will support the customer in Huntsville, Alabama. The majority of work will be performed in a computing lab, secure lab, or office environment. Some work will be remote at home or at Gray Analytics headquarters. Responsibilities may include time at Government facilities or integration laboratories. Travel <10%.
Responsibilities:
- Serve as Gray Analytics' ISSO, managing and administering assessment and authorization (A&A) package processing.
- Understand Cybersecurity for secure on-prem and cloud networks and systems at varying information levels. Employ security practices, and Cybersecurity concepts to rapid hardware/software prototype development and deployment.
- Participate in the assessment of confidentiality, integrity, and availability of systems, networks, and data.
- Enforce Cybersecurity standards and procedures for all phases of hardware and software lifecycle management.
- Identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
- Assist in developing and improving internal information security plans, rapid response plans, and internal program policies, procedures, and automations.
- Participate in CCB and Risk Board processes for implementing change, identifying and mitigating risks related to cybersecurity.
- Assist in administrative management and technical support of cybersecurity tasks
- Serves as the front-line team member to the government's Authorizing Official team ensuring the dissemination and adherence to Cybersecurity policies, procedures, guidance, and training requirements.
Required Qualifications:
- One of the following combinations of education and experience:
- Bachelor's degree in a related field and a minimum of 3 years of experience to include DoD IT and IA practices (focused on ISSO aspects) and experience with Linux and Windows operating systems
- High school diploma or equivalent and a minimum of 8 years of experience to include DoD IT and IA practices (focused on ISSO aspects) and experience with Linux and Windows operating systems
- Knowledge of the Risk Management Framework (RMF) process and NIST security controls
- Experience with the continuous monitoring of system security controls
- Knowledge of NIST SP 800-160, Systems Security Engineering
- Knowledge of DoDI 8500.01, NIST SP 800-37, NIST SP 800-53, and Committee on National Security Systems Instruction (CNSSI) 1253
- Active DoD Manual 8140 ISSM Intermediate, or higher, certification (CASP, CAP, Sec+, CCNA Security, GICSP, GSEC, SSCP, ect.)
- Experience with Enterprise Mission Assurance Support Service (eMASS) solutions.
- Familiarity with information assurance policies and procedures (NIST SP800-53 Security Controls)
Desired Qualifications:
- Knowledge of information system architecture and standards as they apply to cyber security
- DoD Manual 8140 ISSM Advanced, or higher, certification (CISSP, CISM, GCSA, etc).
- Experience in a DoD security environment preferred
- Candidates should have strong communication and writing skills; be able to work in a team-oriented environment supporting a diverse customer base comprised of program managers, engineers, analysts, specialists, and technicians; and strong attention to detail.
- Experience with cybersecurity related tools to include, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) and Security Content Automation Protocol (SCAP) Nessus, or other vulnerability scanning applications.
- Experience configuring and/or regular usage and monitoring of Elastic or a similar SIEM solution.
- Experience applying and adapting traditional Cybersecurity requirements to non-standard projects and solutions.
- Experience applying Cybersecurity requirements to Azure GovCloud environments.
- Experience with data encryption, role based access controls, and zero trust approach
- Experience with NISPOM, RMF, DAAPM and JSIG certification and accreditation processes
- Knowledge of FedRAMP standards, DoD Impact Levels, NIST Cybersecurity Framework (CSF), and DoD Cloud Computing Security Requirements Guide (SRG).
- Experience with Missile Defense Agency (MDA) a plus
- Knowledge of Cybersecurity Maturity Model Certification (CMMC) a plus
Security Requirements:
- Active Secret Clearance is required at the time of hire in order to be considered.
About Gray Analytics
Gray Analytics values our employees as our most important resource. To showcase these values, we offer not only traditional medical, disability, life, etc. coverages that begin on day one of employment, but also unique benefits to improve our employees' quality of life. Some of these unique benefits include:
- A PTO policy based on total years of experience, not years of service to the company. PTO is available for use immediately at hire, subject to company needs.
- Eligibility for 401K contributions and company matching, Pet Insurance through Spot, Flexible Spending Account, and Tuition and Professional Development Funds begin on day one of employment.
- Charitable donations program on a yearly and quarterly basis where employees can nominate a non-profit of choice to receive donations.
Gray Analytics is an Equal Opportunity Employer and VEVRAA Federal Contractor. This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, gender identity, sexual orientation, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, protected veteran status or disability. Gray Analytics, Inc. welcomes minority and veteran applicants.
