Information Security Specialist

Company Profile

Oceaneering Technologies (OTECH) develops, manufactures, and operates customized marine systems, shipboard equipment, subsea vehicles, and engineered solutions for commercial and U.S. military vessels.

Oceaneering Aerospace and Defense Technologies (AdTech) delivers solutions that enable humans to work safely and effectively in harsh environments – from underwater to the outer reaches of space. Our innovative solutions support the development and application of practical, cost-effective systems that meet our customers’ challenges – from routine to extreme. Our experience and expertise across multiple industries uniquely positions us as a leader in the government, space, and maritime services markets. Our products and services meet the rigorous demands of the complex environments in which they operate, delivering results without compromising safety or reliability.

Oceaneering is a global provider of engineered services and products, primarily to the offshore energy industry. We develop products and services for use throughout the lifecycle of an offshore oilfield, from drilling to decommissioning. We operate the world’s premier fleet of work class ROVs. Additionally, we are a leader in offshore oilfield maintenance services, umbilicals, subsea hardware, and tooling. We also use applied technology expertise to serve the defense, entertainment, material handling, aerospace, science, and renewable energy industries.

Position Summary

Oceaneering International is seeking an Information System Security Officer to oversee cybersecurity for several systems assigned by the Government Information Systems Security Manager (ISSM). The role involves utilizing the NIST Risk Management Framework (RMF) and related continuous monitoring activities to maximize the security of assigned systems and ensure compliance. The position requires providing technical security expertise in planning, coordinating, preparing, and authoring security authorization documentation necessary to comply with Federal, DoD, and organizational policies. This role focuses on recommending, monitoring, and assessing compliance with security controls, rather than implementing them. Annualized pay rate for this position is $130,000. to $145,000.

Duties & Responsibilities

This role is responsible for being knowledgeable on cybersecurity principles, risk management process, and implementation.

• Thorough working knowledge of all applicable IC, DoD policies, procedures, and operating instructions related to Information Technology, Cybersecurity, Information Assurance, and Information Management (IT/IA/IM).
• Collaborate with application leads, sysadmins, DBAs, developers, and testers to ensure assigned systems are security compliant and achieve/maintain ATO.
• Ability to develop, draft, assess, review, and/or endorse all information systems security plans and other security authorization artifacts and documents such as:

o System Security Plans (SSP).

o Controls Testing (Security Test and Evaluation (ST&E) Plans.

o Security Controls Traceability Matrix (SCTM).

o Security Assessment Procedures.

o Security Assessment Reports.

o Plans of Actions & Milestones (POA&Ms).

o Privileged and General User Guides.

o Cyber SOPs.

o Concept of Operations (CONOPS).

• Demonstrated proficiency in successfully guiding complex information systems through assessment and authorization control gates.
• Proficiency in authorization applications such as ServiceNow and eMASS.
• Loading artifacts such as STIG checklists and Nessus scans.
• Helping to implement STIG checklists and mitigate scan findings.
• Ability to establish the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each information system.
• Expertise with configuration management, system maintenance, and integration testing.
• Ability to review technical configurations and make recommendations on the protection of classified and sensitive data.
• Ability in the use of tools to prevent and/or negate malicious code.
• Ability in detecting and preventing computer security compromises in a classified environment.
• Collaborate with Incident Response Teams and provide viable recommendations for the resolution of computer security incidents.
• Demonstrated ability to work independently of close supervision.
• Ability to establish and maintain security protocols.
• Expert ability to establish and maintain effective internal and external working relationships with government and contractor program managers, security professionals, and mission partners.
• Ability to effectively provide ISSO guidance to System Administrators.
• Communicate and work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Implement security measures to mitigate or remediate vulnerabilities and security deficiencies and provide justification for acceptance of residual risk.
• Perform security reviews/assessments, identify gaps in security architecture, and develop a security risk management plan.
• Reviews and analyzes system audit logs to identify anomalous activity and potential threats to network resources.

Qualifications

REQUIRED

• Must have minimum of 2-5 years of relevant professional work experience.
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of the full RMF process, the selected candidate must have experience completing a full system assessment resulting in an authorization to operate (ATO).
• Knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37 and familiarity with the ICD503, CNSSI1253, SP800-53, etc.
• Knowledge of systems security testing and evaluation methods.
• Knowledge of countermeasures for identified security risks.
• Knowledge of how to use network analysis tools to identify vulnerabilities.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems.
• Oral and written communication for change procedures, and management updates.
• Experience implementing and/or verifying compliance with DISA STIGs.
• Experience with using Security Content Automation Protocol (SCAP) tools.
• Experience working independently on cybersecurity in support of a client.
• Experience with risk analysis and compensatory security controls incorporating system/mission owner, and unique operational constraints.
• Must have or be able to obtain a TS security clearance, be able to take/pass a polygraph, and be able to maintain both for the tenure of this position.
• Position tenure ship is dependent on completing the full security clearance application process successfully within 1-2 years of accepting position.
• DOD 8570 certification for Info Assurance Management (IAM) level III. Prefer candidates who hold Certified Information Systems Security Professionals (CISSP) credential.
• Must be a U.S. Citizen.

Equal Opportunity Employer

All qualified candidates will receive consideration for all positions without regard to race, color, age, religion, sex (including pregnancy), sexual orientation, gender identity, national origin, veteran status, disability, genetic information, or other non-merit factors

Read Full Description