Cybersecurity – Information System Security Officer (ISSO)

Company:

The Boeing Company

Job ID:

00000440169

Date Posted:

2024-11-05

Location:

USA - Annapolis Junction, MD

The Boeing Company is currently seeking a Cybersecurity – Information System Security Officer (ISSO) to support Department of Defense (DoD) and Special Access Program (SAP) activities in Annapolis Junction, MD.

Boeing is the world's largest aerospace company and leading manufacturer of commercial airplanes and defense, space and security systems. We are engineers and technicians. Skilled scientists and thinkers. Bold innovators and dreamers. Join us, and you can build something better for yourself, for our customers and for the world.

• Contributes to the development and deployment of program information security for assigned systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures
• Implements Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF), as well as product development and product maintenance for assigned systems
• Performs security compliance continuous monitoring (CONMON)
• Participates in security assessments and audits
• Prepares and presents technical reports and briefings
• Contributes to the identification of root causes, the prioritization of threats, and recommends/implements corrective action
• Provides mentoring and technical leadership within the information security program team
• Explores the enterprise and industry for the evolving state of industry knowledge and methods regarding information security best practices
• Supports development of enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations

Basic Qualifications (Required Skills/Experience):

• IAM Level 1 DoD 8140.01 (previously 8570.01) compliant certification (i.e. CAP, GSLC, Security+ CE, CISSP, CASP, CISM)
• 1+ years of experience in utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
• Active Counter-Intelligence Polygraph

Preferred Qualifications (Desired Skills/Experience):

• Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC or CISM)
• Experience with cyber security policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, and/or NIST SP 800 series
• Experience in assessing and documenting test or analysis data to show cyber security compliance

• This position is expected to be 100% onsite. The selected candidate will be required to work onsite at one of the listed location options. Limited telecommuting opportunity may be available.
• This position requires an active U.S. Top Secret/SCI Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active.)
• This position requires a successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) or requires candidate to have been enrolled in a Continuous Vetting program such that periodic updates are no longer required.
• Typically, 5 or more years’ related work experience or relevant military experience. Advanced degree (e.g. Bachelor, Master, etc.) preferred, but not required.
• This position offers relocation based on candidate eligibility.
• Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.
• This position will be for first shift.
• At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.
• The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.
• Pay is based upon candidate experience and qualifications, as well as market and business considerations.
• Summary pay range: $99,450 - $134,550
• Potential Signing Bonus for Eligible/Qualified candidate.
• Applicants for this position will be accepted through November 14th, 2024.
• Relocation is available for eligible candidates, if authorized.
• U.S. Government Export Control Status: This position must meet export control compliance requirements. To meet export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.15 is required. “U.S. Person” includes U.S. Citizen, lawful permanent resident, refugee, or asylee.
• This is not a safety sensitive position
• This position is not contingent upon program award
• Experience Level: Individual Contributor - 3
• Job Type: Regular
• Job Code: LAQ6I3 (L13)
• Equal Employment Opportunity: Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.
• Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website.
• Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning
• Request an Accommodation - Requesting Interview Accommodations
• Applicant Privacy - Applicant Privacy
• EEO is the law Poster - EEO is the law
• Boeing Policy on EEO - Boeing EEO Policy
• Affirmative Action and Harassment - Boeing Affirmative Action and Harassment
• Boeing Participates in E - Verify
  • English - E-Verify (English)
  • Spanish - E-Verify (Spanish)
• Right to Work Statement
  • English - Right to Work (English)
  • Spanish - Right to Work (Spanish)

Summary and Overview

Development InfoStructure LLC., (DEVIS) provides exceptional DevSecOps integration in our agile software development and embedded software solutions, combined with comprehensive IT management and consulting services to our federal, state, and local governments. The outcomes of our research and development, products, and universe of services will support the international development community, multiple civilian agencies, and the nation's defense and intelligence communities. Our focused research, services, and products include complex DevSecOps solutions to support refugee processing across multiple federal agencies, research and development for Signal Intelligence (SIGINT), Command, Control, Communications, Computers and Intelligence (C4I), Data Analytics, and Intelligence, Surveillance and Reconnaissance (ISR) development and sensor capabilities supporting both the aerospace/defense and intelligence communities, as well as complex HHS comprehensive care coding requirements, and integrated management systems for our countries civilian agencies (FAA, FDIC, HOR, etc.).

Our primary mission is to best serve the needs of our clients by solutioning with our stakeholder teams to ensure that the goals and objectives of our customers are proactively solutioned, such that opportunities to invest our time in developing long-term solutions and assets are abundant and move our clients forward efficiently.

At DEVIS, we are enthusiastic about our research, our work and embracing an environment where all are supported in the mission, while maintaining a healthy work-life balance.

Overview

In this technical and hands-on role, you will focus on researching threats posed by cybercriminals to various systems, technologies, operations, and programs. You will analyze and conduct research to determine a cyber criminal’s capabilities, intentions, and attack approaches, including those with multiple phases. You will be responsible for proactively hunting and identifying malicious attacks against the organization's systems and infrastructure by utilizing various security tools such as SPLUNK and Tanium. In addition, you will be responsible for supporting remediation of any discovered threats and providing incident response. You will be collaborating hand in hand with Cloud and Splunk Subject Matter Experts (SMEs) & Engineers in RPC’s Security Operations Team, and when necessary, you will support them with engineering, upgrading, updating, and fine-tuning various security tools.

This role will also include developing and documenting new and innovative threat-hunting processes to increase the security operation center team’s ability to find existing threats that are otherwise going unidentified or unnoticed.

• Solid knowledge of building and designing queries, reports, and dashboards in SPLUNK Enterprise in order to extract log information from various sources and conduct threat hunting and incident response.
• Support Cyber Security Operations Team with Engineering Tasks including implementation, upgrade, update and maturing new Security Tool Sets.
• Experience in Tanium Modules (Asset, Threat Response, Comply, Protect) to conduct Incident response and threat hunting.
• Experienced in creating and fine-tuning notables, alerts, and dashboards in SPLUNK
• Utilize EDR, IDS, and other security tools to conduct cyber threat hunts and incident response.
• Rapidly respond, escalate, and remediate incidents to minimize risk exposure and ensure system availability; proactively monitor internal and external-facing environments.
• Identify attacker tools, tactics, and procedures to develop indicators of compromise. Form and articulate expert opinions based on findings and analysis.
• Seek opportunities to automate detection and remediation and reduce response times for incidents.
• Provide incident response support and coordination, including investigating security incidents and coordinating with other teams to contain and remediate the incident.
• Producing reports, metrics, and briefings that include perspectives on the behavior of adversaries.
• Collaborate and support inquiries from cross-functional internal and external stakeholders such as system administrators, compliance, and data engineering teams, to ensure documentation is complete and in compliance with information security policies.
• Manage and support the development of security operations playbooks to ensure threat detection, monitoring, response, and forensics activities align with best practices, minimize gaps in detection and response, and provide comprehensive mitigation of threats.
• Evaluate third-party products and services to verify they meet security and compliance requirements.
• Drive improvements in technical architecture, standards, and processes to meet company objectives and best security practices.
• Develops technical solutions to autonomously verify compliance with required technical controls.
• Present findings/reports to stakeholders every week
• Experience with more than one or more enterprise-scale EDR and SIEM tool
• Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways.

Required Skills and Qualifications

• MA/MS (or equivalent experience), 5-7 years of experience OR Equivalent combination of education, technical training and certification (CISSP, C|EH, GIAC GREM, GCTI, GCFR, GCFA, Splunk Certified Cybersecurity Defense Analyst, Splunk Enterprise Security Certified Admin) and/or work experiences.
• Experience in a cloud environment (console, IAM, security groups, etc.)
• Experience in building Splunk Technology Add-ons and configuring field extractions for various data sources
• Knowledge of a tier Splunk installation; indexers, forwarders, search heads, clusters
• Experience analyzing system, network, and application logs for attack techniques at all stages of the cyber kill chain or MITRE ATTACK Framework
• Familiarity with ServiceNow cloud offering
• Familiarity with Red Hat Enterprise Linux and Ansible

Clearance Requirements

• Must be a U.S. Citizen
• Active Secret Clearance

• Competitive salary compensation
• 401k Retirement Contribution Savings Plan

Salary Range: Starting at $100,000

Devis is an AA/EOE/M/F/Disabled/VET Employer committed to providing equal employment opportunity without regard to an individual’s race, color, religion, age, gender, sexual orientation, veteran status, national origin or disability.

Overview

Prime Healthcare is an award-winning health system headquartered in Ontario, California. Prime Healthcare operates 45 hospitals and has more than 300 outpatient locations in 14 states providing more than 2.6 million patient visits annually. It is one of the nation’s leading health systems with nearly 50,000 employees and physicians. Fourteen of the Prime Healthcare hospitals are members of the Prime Healthcare Foundation, a 501(c)(3) not-for-profit public charity. Prime Healthcare is actively seeking new members to join our corporate team!

Company is an equal employment opportunity employer. Company prohibits discrimination against any applicant or employee based on race, color, sex, sexual orientation, gender identity, religion, national origin, age (subject to applicable law), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. The Company also prohibits harassment of applicants or employees based on any of these protected categories. Know Your Rights

Privacy Notice for California Applicants: https://www.primehealthcare.com/wp-content/uploads/2024/04/Notice-at-Collection-and-Privacy-Policy-for-California-Job-Applicants.pdf

• Under the minimal Direction the IAM Analyst - Epic is responsible for managing and maintaining access to Epic Electronic Health Record system.
• Work closely with healthcare professionals, IT teams, and compliance specialists to ensure that authorized individuals have the appropriate access levels while maintaining the confidentiality and integrity of patient data.
• Position requires little or no supervision as they build, maintain the system and exercise independent judgement and discretion in carrying out day-to-day support related activities.
• Perform complex design and analysis tasks related to the hospital business operations.
• This position also requires strong customer service skills to ensure a positive experience for the end-users.

Required qualifications:

• Bachelor's Degree in Information Technology, Computer Science, Health Informatics, or a related field.
• Three (3) years of IT experience working in a Health Care service delivery.
• Two (2) years of experience in Epic user access administration and management.
• Proficiency in Epic “Security and Access”.
• Familiarity with healthcare regulations (e.g., HIPAA) and security best practices.
• Strong understanding of Microsoft Active Directory, Electronic Health Record systems and their access management processes.
• Understands hospital business operations and structure, general requirements in an integrated delivery system, and use of IT applications in the practicing healthcare environment.
• Knowledge of IT infrastructure, networks, and systems.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.

Preferred qualifications:

• Epic Certification in one or more application modules (Example: Cadence, Prelude, Willow, or Ambulatory).
• Experience with automated provisioning tools and identity access management solutions.
• Understanding of healthcare interoperability standards (e.g., HL7, FHIR).
• Prior experience with EMR implementations and/or support.

Prime Healthcare offers competitive compensation and a comprehensive benefits package that provides employees the flexibility to tailor benefits according to their individual needs. Our Total Rewards package includes, but is not limited to, paid time off, a 401K retirement plan, medical, dental, and vision coverage, tuition reimbursement, and many more voluntary benefit options. A reasonable compensation estimate for this role, which includes estimated wages, benefits, and other forms of compensation, is $32.00 to $60.00. The exact starting compensation to be offered will be determined at the time of selecting an applicant for hire, in which a wide range of factors will be considered, including but not limited to, skillset, years of applicable experience, education, credentials and licensure.