Apply on Employer Site

KAIROS, Inc. · 1 month ago

Vulnerability Management Lead, Information System Security Officer

Maryland, United States

Full-time

Hybrid

Mid Level

$100K/yr - $145K/yr

3+ years exp

KAIROS, Inc. is a growing Woman Owned Small Business providing full life cycle Cybersecurity services. They are seeking an experienced Information System Security Officer at the Journeyman level to support the Unmanned Carrier Aviation Program Office at Patuxent River Naval Air Station, focusing on vulnerability management and cybersecurity program execution.

ConsultingCyber SecurityInformation TechnologyManagement Consulting

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Assess and validate PMA-268 RMF packages (Authorizations to Operate (ATOs) and Interim Authorizations to Test (IATTs), to include but not limited to:

Coordinate development of the Security Assessment Plan (SAP) with Integrated Product Team (IPT) SSE and system ISSO

Submit SAP for approval

Execute the SAP

Provide a summary of failed controls in Enterprise Mission Assurance Support Service (eMASS) (Risk Assessment)

Complete the Security Assessment Report (SAR)

Provide POA&M update recommendations to the PMA/IPT based on assessment results

Ensure traceability of all vulnerabilities from raw assessment results to the POA&M

Support Continuous Monitoring (ConMon) activities (e.g. annual security reviews, system/changes/ Memorandums for the Record (MFRs))

Create consolidated list of mitigation statements for POA&Ms (unclassified) to assist ISSOs with established mitigation statements for common non-compliant security controls

Establish and execute a PMA-268 vulnerability management program, to include developing guidance for VRAM record creation and management

Develop a PMA Vulnerability and Patch Management Policy

Coordinate development of System level Vulnerability and Patch Management Plans (VPMP)

NAVAIR Rapid Response Lead for PMA-268

Attend Rapid Response meetings

Coordinate consolidated PMA-268 responses to Orders received (i.e. EXORD, OPORD, TASKORD)

Monitor the NAVAIR Vulnerability Management Channel for notifications daily

Maintain the PMA-268 Cyber Directive Status tracker

Create and maintain a Cyber Directives tracker on SIPR summarizing the orders

Manage PMA-268 Portfolio VRAM records

Support PMA-268 Cyber Lead in execution of the PMA-268 Cybersecurity Program

Provide assistance and guidance to PMA-268 ISSOs

Update and sustain PMA-268 RMF Training Slides

Latest RMF guidance

RMF roles and responsibilities flow chart

Assist in the development of eMASS Common Control Packages (CCPs)

Develop RMF security control family templates

Develop PMA Incident Response Plan

Coordinate and provide oversight for all MOU/ISA efforts required in support of cyber authorizations or system use

Qualification

Vulnerability ManagementRisk Management Framework (RMF)Cybersecurity Program ManagementEMASSIncident Response PlanningCustomer RelationsMicrosoft Office SuiteDocumentation SkillsInterpersonal SkillsCommunication Skills

Required

Bachelor's degree in technical or scientific field from an accredited college or university

Three (3) years of recent and relevant experience

Strong customer relations, analytics, documentation skills

Self-starter, highly motivated, strong work ethic with a commitment to quality

Microsoft office suite proficiency, i.e., Word, Excel, PowerPoint

Ability to work within a challenging, fast-paced, team-oriented environment

Ability to work independently

Ability to multi-task and meet competing, deliverable deadlines

Detail oriented

Excellent interpersonal and customer service skills

Excellent verbal and written communication skills to provide clear status and/or communicate issues

Ability to adapt to evolving technology

Demonstrated experience in an area of engineering expertise is required

This position requires an Active Secret Security Clearance

Benefits

Comprehensive benefits package

Company

KAIROS, Inc.

KAIROS, Inc (KAIROS) is a Woman-Owned Small Business (WOSB) providing Life Cycle Program Management (PM), Acquisition, Engineering, Cybersecurity, Logistics, Additive Manufacturing and Learning Development services focused on optimizing customers’ mission objectives and organizational program performance through proven quality methodologies, ethical practices and customer satisfaction.

Founded in 2013

California, Maryland, USA

51-200 employees