JR. Information System Security Officer (ISSO) (R37785)

We are a diverse team of collaborators, doers, and problem-solvers who are relentlessly committed to a culture of safety. This position will directly impact the history of space exploration and will require your commitment and detailed attention towards safe and repeatable space flight. Join us in lowering the cost of access to space and enabling Blue Origin’s vision of millions of people living and working in space to benefit Earth.

As part of a hardworking team of diverse specialists, technicians, and engineers (use as appropriate), you will be the primary focal of contact for controlling access to Controlled Unclassified Information (CUI) and providing guidance to employees on proper handling procedures. You will provide assistance to define, create, and maintain the documentation for certification and accreditation of information systems in accordance with government requirements for Blue Origin. You will monitor information systems in order to identify potential security weaknesses, recommend improvements to mitigate vulnerabilities, implement changes, and document upgrades. You will also be required to assess the impacts on system modifications and stay up-to-date on technological advances. This position will directly impact the history of space exploration and will require your dedicated commitment and attention to detail to further the cause of safe and repeatable spaceflight.

Special Mentions 

• Relocation provided
• Travel expected up to 0-10% of the time
• Interviews will include a technical assessment
• Multiple positions available

Responsibilities include but are not limited to:

• Manage Controlled Unclassified Information (CUI) access control process
• Work with Blue Origin Cybersecurity, Enterprise Technology, and Program Management to establish new CUI repositories with the appropriate protections and approvals
• Maintain the Blue Origin CUI training program and standard operating procedures
• Primary POC for incidents involving CUI, interfacing with customer security teams and Blue Origin Cybersecurity Operations Center to respond to incidents involving CUI
• Must be a self-starter and able to work independently
• Provide guidance to employees on secure storage, use, and transmission of CUI
• Assist Lead ISSO in writing/updating authorization and accreditation (A&A) documentation in support of the Risk Management Framework (RMF) and ensure systems are operated and maintained in accordance with these system security plans.
• Assist Lead ISSO in performing oversight of day-to-day maintenance of systems, including auditing and tracking end-of-life and patch management status to ensure systems are protected and identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies.
• Support security planning, assessment, risk analysis, and risk management for customer systems and programs.
• Assist system engineers in the design of security controls for the desired application or system capabilities.
• Participate in Engineering and Configuration Review Boards and Working Groups to develop secure system solutions.
• Work with the CPSO to ensure all users have the requisite security clearances, authorizations, need-to-know, and are aware of their security responsibilities before granting access to systems.
• Use security-related software for the detection of malicious code, viruses, insider threats, and intruders (hackers) as appropriate.
• Prefer to have t a working knowledge of RMF, NIST SP 800-171, NISPOM, and Information Assurance requirements as well as technical understanding of hardening and mitigating a variety of hardware and software.
• Maintain awareness of organization-specific security and information technology policies.

Minimum Qualifications:

• Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.
• Requires a Bachelors Degree in a technology related field and/or minimum of two (2) year’s experience in information assurance and/or IT.
• Must be able to obtain position and certification requirements outlined in DoDM 8140.03 for Information Assurance Manager (IAM) level 1 (CGRC, GSLC, Security+ CE) within six (6) months of employment, with the ability meet future certification requirements as role expands.
• Must be highly organized, able to prioritize tasking as well as multi-task, and willing to work in a team environment.
• Strong critical thinking/analytical skills, attention to detail, creativity, and a sustained commitment to excellence and quality.
• The position requires excellent oral and written communication skills.
• Must be able to work flexible hours.
• Must be able to obtain a Top Secret Clearance with SCI access (CI Poly will be required)

Preferred Qualifications:

• Experience with developing and updating Authorization and Accreditation documentation and system authorization artifacts under the Risk Management Framework (CNSSI 1253/NIST 800-53, etc.).
• Experience in the use of security related auditing tools in support of RMF requirements.
• Additional security certifications such as CISSP or specialized Information Security / Cybersecurity certifications.
• Previous ISSO and/or System Administration experience.
• Excellent proficiency with Microsoft Office software suite (Excel, Word, Powerpoint).
• Current SSBI (within five years), Top Secret Clearance with SCI eligibility (within two years), and/or a previously adjudicated CI Poly.