Cyber Security Specialist​/Isso

Overview

Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas:
1) Cybersecurity and Information Operations;
2) Space Operations and Control;
3) Aviation Systems;
4) Ground, Air and Missile Defense, and Fires Support Systems;
5) Intelligence Programs Support;
6) Experimentation and Test;
7) Program Management; and (8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD;
Colorado Springs, CO;
Crestview FL; and Tupelo, MS.

Mission:

Quantum Research is seeking an experienced Cyberscurity Specialist / Information System Security Officer (ISSO) to support the Compute Architecture Operations Center (CAOC) platform. The mid-level ISSO will be responsible for maintaining the system's overall security posture IAW DoD RMF requirements. The ISSO will maintain oversight of configuration management, security scanning and remediation activities, manage the Plan of Action and Milestones (POA&M), and provide cybersecurity guidance to infrastructure team members and on-site personnel to ensure compliance and risk reduction.

Additionally, this role includes facilitating and participating in Configuration Control Board (CCB) meetings, evaluating proposed system and architecture changes to confirm security baselines are maintained through approved change management processes, and executing continuous monitoring activities such as reviewing system audit logs, general/privileged user account reviews, RMF documentation creation/maintenance, vulnerability response (CTOs/IAVAs), Information System Contingency Plan (ISCP) Table-Top exercises, and security control artifact development.

• Develop and maintain ATO related documentation to include Configuration Management Plan (CMP), Account Management Plan (AMP), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), System Security Plan (SSP), and Concept of Operations (CONOPS).
• Identify the correct applicable Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) for technologies used within the Information System (IS).
• Communicate and coordinate with the government System Owner (SO) and/or government ISSM to ensure the system operates within the conditions of the established ATO.
• Advise the program on IS security requirements, ensuring alignment with RMF, applicable NIST Guidelines/Standards, and DISA STIG/SRG compliance.
• Provide security design guidance and analysis to project stakeholders across all RMF phases to ensure alignment with security control requirements.
• Oversee daily system security operations by monitoring control effectiveness, validating access controls, reviewing security audit logs, tracking vulnerabilities, responding to CTOs/IAVAs within government customer2;s SharePoint site, and coordinating remediation efforts to maintain an acceptable security posture.
• Act as the Configuration Management (CM) facilitator and voting CCB member, overseeing change control processes and participating in formal decision-making for system modifications affecting security posture and compliance.
• Prepare Security Impact Assessments (SIAs) for all System Change Requests (SCRs) to support Configuration Control Board (CCB) review and decision-making.
• Perform annual account reviews and approve all general and privileged user account requests prior to creation, ensuring proper authorization, access justification, and compliance IAW approved policies and procedures.
• Review technical security assessments, analyze vulnerabilities, and risk data using ACAS, Nessus, and SCAP scan results to identify system vulnerabilities, non-compliance, and appropriate mitigation strategies.
• Coordinate and manage security incident response activities in…