Cyber Policy Administrator /ISSO

Introduction
A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.
You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role you’ll be encouraged to challenge the norm investigate ideas outside of your role and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
Position Location: Radford VA
5 days onsite

Position Overview:
This position is for a Cybersecurity Policy Administrator supporting the Army Edge Computing Capability (AECC) project that ALTESS is fielding for the US Army in the Pacific theater. The AECC solution is a hyperconverged multitenant private cloud hosting environment for hosting Army enterprise and tactical applications. AECC is utilizing the full suite of VMware products (ESXi vSAN NSX vCloud Foundations ARIA Automation Tanzu) to implement a Software Defined Data Center (SDDC) across multiple global sites. ALTESS provides value added common and managed services built on top of the VMware foundation that hosted Army applications will require. ALTESS is a managed service provider (MSP) and hosting services provider for Army applications. ALTESS is a Product Director office under Program Executive Office Enterprise Information Systems (PEO EIS).
Position Duties:

• Serve as overall subject matter expert on Cybersecurity Policy Administration.
• Work within Enterprise Mission Assurance Support Service (eMASS) to add and update documentation import ACAS and STIG files work with POA&Ms and all other aspects of eMASS management.
• Work between technical and policy teams to implement maintain and monitor technical security configuration controls including Security Technical Implementation Guides (STIGs) Security Requirements Guides (SRGs) and other industry security hardening guidance.
• Work between technical and policy teams to successfully implement and manage requirements for maintaining cloud Provisional Authority to Operate (P-ATO) Authority to Operate (ATO) and security control inheritance capabilities.
• Collaborate with internal and external parties to transform high-level technical objectives into comprehensive technical requirements.
• Act as the ISSO for hosted systems assuming the responsibilities as outlined in AR 25-2.
• Assist hosted customers in obtaining and maintaining RMF for DOD IT and other certifications as required.
• Update and/or assist the hosted system’s personnel in updating artifacts of the accreditation package and store the artifacts in organizationally defined repository; i.e. system diagram (logical and physical) Hardware/Software/Firmware Inventory Interface & Ports Protocols and Services listing etc.
• Assist in the preparation of network infrastructure specifications or designs incorporating required information security features.
• Review and evaluate Information Systems Design Plans Continuity of Operation Plans Communication Plans engineering change proposals and configuration changes for compliance with relevant security regulations policies and best industry practice.
• Interact with the Army Regional Cyber Center in theater performing CSSP duties and customer ISSOs/ISSMs on a regular basis.

Required Technical and Professional Expertise

• Required Skills:
• This position requires the ability to obtain and maintain a Secret Security Clearance
• Mid to senior level Cybersecurity Policy Administrator experience in a cloud environment.
• eMASS experience is required.
• Strong verbal and written communication skills.
• Experience effectively managing multiple large-scale projects.
• Experience automating routine administrative tasks desired.
• Understanding of network storage server and application technologies.
• Working knowledge of DoD STIGs and the Information Assurance Vulnerability Management (IAVM) process.
• Required Certifications:
  • DoD 8570.01-M IAM level II certification is required.
  o Resource must possess Baseline certification as defined in DoD Instruction 8570.01-M.

Preferred Technical and Professional Expertise

• Relevant certifications such as CompTIA Security+ Certified Ethical Hacker (CEH) or similar.
• Knowledge of cloud security concepts (AWS Azure or GCP).
• Familiarity with scripting languages (Python Ruby etc.).
• Knowledge of container security (Docker Kubernetes).