Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. As we enter our 50^th year in business, we are known for continuous innovation for government customers, both long-established and newly acquired, as our capabilities expand around the globe. Our work is state-of-the-art and made possible only through the best personnel, tools, and jobs in the national security business. We are highly collaborative in spirit and practice, and we freely share expertise across SPA in our quest for enduring solutions to critical concerns. Come work with the best!

SPA's Sea Land Air (SLA) Division supports a diverse portfolio of national security government clients, including the Undersea Enterprise, the Navy Surface Community, the Navy MPTE Enterprise, the Army, DoD Agencies, DARPA, OSD, international clients including the Canadian Navy and Australian Defense Force. Our primary objective is to provide timely, objective and analytic assessments that integrate the policy, operational, technical, programmatic and acquisition aspects of our clients' challenges. Leveraging both in-domain and cross-domain expertise to maximize our clients' success, SLA Division acts as trusted agents to senior decision-makers and key leaders and excels at providing data driven analytic insights, systems engineering, strategies and plans that address current and emerging challenges to national security.

SPA's Operations Research and Cyber Analysis (ORCA) Group develops and employs simulation system products in support of operations, experimentation, and the acquisition analysis process. ORCA analysts apply Model-Based System Engineering (MBSE) principles and tools to identify and analyze trends in big data to solve real-world problems. ORCA software engineers and cyber security professionals develop, build, and deploy custom hardware and software solutions to meet our client's toughest challenges.

SPA's San Diego team is looking for an Information Systems Security Officer (ISSO). The selected candidate will perform tasks delegated by the ISSM in support of various information assurance programs such as security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Maintains operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Provides configuration management (CM) support for information system security software, hardware, and firmware and attends Change Control Board (CCB) meetings.

#MC

SPA is hiring an Information Systems Security Officer (ISSO) to provide support of information systems and ensure that the appropriate operational security posture is maintained. This position is aligned with the Operations Research and Cyber Analysis (ORCA) group located in San Diego. The role will owning the Continuous Monitoring (ConMon) schedule and procedures to include security control performance, system monitoring, auditing, capacity planning, secure hardware and software configuration, and the support of system assessment and authorization processes under the Risk Management Framework (RMF) and continued ConMon activities for multiple systems and enclaves.

Research and address information security issues as required as an authority on the subject
• Assist in preparing, maintaining, and upholding procedures for monitoring and responding to Cybersecurity continuous monitoring requirements (SIEM, Log review, validation of security controls, etc.)
• Oversee day-to-day information system security operations including auditing the IS, hardware, and software implementations and RMF package authorizations.
• Monitor, analyze, and respond to network and security events.
• Document compliance actions with the ISSM to address non-compliance in the allotted time frame
• Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices
• Participate in internal and external security audits and inspections; performs risk assessments
• Ensure records are maintained for workstations, software, servers, routers, firewalls, network switches, etc. throughout the information system's life cycle
• Evaluate proposed changes or additions to the information system and advise the ISSM of their security relevance
• Ensure configuration management (CM) for security-relevant IS software, hardware, and firmware is maintained and documented
• Assist in conducting investigations of computer security violations and incidents, reporting as necessary
• Ensure proper protection and / or corrective measures have been taken when an incident or vulnerability has been discovered
• Communicate, implement and manage a formal Information Security / Information Systems Security Program together with ISSM, PSO, CPSO, and ISO
• Perform onsite or remote analysis, diagnosis, and resolution of complex desktop problems for end users, and recommend and implement corrective solutions
• Install, configure, test, maintain, monitor, and troubleshoot end-user workstations and related hardware and software
• Receive and respond to incoming calls and/or e-mails regarding end-user or system problems
• Accurately document and maintain ATO documentation including standard operating procedure development, artifact creation, submission of artifacts to ISSM and/or government representatives
• Accurately document instances of equipment or component failure, repair, installation, and removal
• Interface with third-party support and equipment vendors as needed

Travel will be required to support remote client events, up to 15%

At SPA, we strive to deliver a robust total compensation package that will attract and retain top talent. Elements of the compensation package include competitive base pay and variable compensation opportunities.

SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc.

Please note that the salary information shown below is a general guideline only. Salaries are commensurate with experience and qualifications, as well as market and business considerations. California Pay Transparency Range: $120,000-$140,000

Required Qualifications:

• Bachelors Degree in Information Security, Information Technology, or related discipline, or equivalent experience/combined education, with 5+ years of professional experience
• At least 3 years experience in the deployment, configuration, and troubleshooting of information technology equipment
• Must have and maintain a DoD 8570.01-M (Information Assurance Workforce) IAM level 1 certification (e.g. Security+, GSLC, CISM, or CISSP)
• Problem solving and time management capabilities
• Extensive experience working with federal/government agencies in sensitive and classified environments
• Familiarity with the Risk Management Framework (RMF), NIST 800-53, JSIG, and other legal and regulatory guidance
• Excellent customer relations and customer support skills
• Experience working in a team-oriented, collaborative environments
• Active DoD Top Secret//SCI security clearance

Desired Skills:

• Experience with RMF artifacts, obtaining and maintaining system ATOs, and implementing new and complex technologies at multiple classification levels within large enterprise environments.
• DoD 8570/8140 IAM Level III certification.
• Ability to understand information systems equipment configurations (switches, routers, IDS, firewalls, servers, storage, etc...)