Sr Information System Security Analyst

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.

Equal Employment Opportunity

Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.

This position will perform the functions of the Information System Security Officer (ISSO) for multiple Department of Defense (DoD) and Intelligence Community (IC) programs. The ISSO will work under the direction of the Information System Security Manager (ISSM) to ensure the confidentiality, integrity, and availability of multiple classified computer systems. Candidates must be knowledgeable of information technology and security principles. This is a multi-tasking environment that demands technical proficiency, customer service, communication, and organizational skills.

Implements the information systems security program for assigned programs/systems in compliance with NISPOM Chapter 8, NIST RMF, JAFAN 6/3, DCID 6/3, ICD 503, and JSIG requirements.
• Applies cyber security standards including DISA STIGs, RMF security controls (SP 800-53, SP 800-171, CNSSI 1253), and Draper policies and procedures to classified computing systems.
• Performs Continuous Monitoring (ConMon) of security controls, to include audit log review and archive, security updates and patching, compliance scanning (SCAP), configuration management, account management, vulnerability management, and control status reporting.
• Assists with preparation and maintenance of security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM) including participation in system categorization.
• Participates in security incident response as necessary, including spill remediation, intrusion and malicious code detection and investigation, reporting, and mitigations to prevent reoccurrence.
  Supports awareness and training objectives by reviewing policies and materials, and suggests program improvements.
  Participates in Configuration Control Board (CCB) as a voting member.
• Coordinates with and assists other Draper security and information systems stakeholders as required.
• Performs other duties as assigned by the ISSM.
  

Required Qualifications

• Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or related discipline from an accredited college or university (Non-degreed candidates with in depth technical/compliance experience will be considered).
• Active TOP SECRET security clearance w/SCI eligibility (Poly preferred).
• DoD 8570.01-M IAM Level 1 or higher certification (CISSP preferred).
• 5 years' experience as an ISSO, ISSM, or System Administrator implementing NISPOM Chapter 8, NIST RMF, JAFAN 6/3, DCID 6/3, ICD 503, and JSIG requirements.
• Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
• Experience performing security audits with and without specialized SIEM tools (Splunk experience highly desired).
• Ability to work in a team environment as well as independently, demonstrate excellent problem solving abilities, be well organized, flexible, and self-motivated.
  

Desired Qualifications

• Experience with Splunk and Nessus
• TS/SCI with Poly
• CISSP certification