For two decades, Millennium Corporation has been operating on the leading edge of cybersecurity. Our elite team of more than 400 experts has an unparalleled record of performance supporting Red Team Operations, Defensive Cyber Operations, Software Engineering, and Technical Engineering. With the largest contingent of contracted Red Team operators in the DoD, we provide an unmatched level of threat intelligence and battle-tested experience for customers in both the DoD and federal civilian markets.

Millennium is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law.

Millennium Corporation is hiring an Information Systems Security Officer (ISSO) to work remotely. Qualified candidates must have an active Secret clearance.

• Lead cybersecurity processes and activities (to include RMF) for assigned programs, organizations, systems, or enclaves.
• Ensure compliance with all Navy, DON, and DoD cybersecurity policies.
• Attend Program calls as requested and be available to answer Cyber-related questions.
• Assemble the Security Authorization Package and submit it for adjudication.
• Be familiar with the RAFT tool, and ensure the package is uploaded into RAFT according to the step it is in within eMASS.
• Complete any applicable SOPs as required before submittal.
• Run eMASSter reports before submitting packages to the Validator.
• Provide reports to the Validation Team to ensure the package is ready to push forward in eMASS.
• Create and maintain all required RMF documentation, ensuring all security controls are addressed to include IRP, CMP, ISCP, etc.
• Route RMF documentation for appropriate approvals/signatures.
• Report changes in the security posture of systems to the AO.
• Track assessed and validated vulnerabilities via an eMASS system POA&M, and ensure they are properly rated and ranked during system Configuration Control Boards (CCBs) to capture the most critical vulnerabilities that require correction.
• Ensure the execution of all Continuous Monitoring-related requirements as defined in the SLCM.
• Maintain and report the system’s A&A status and events to the PM/SO, APM, APM-E, and PSO.
• Responsible for coordinating Baseline Changes for the assigned Program to include creating MFRs, gathering technical testing information, working with Program Engineers to gather required information, briefing status to APM, etc.
• Ensure the execution of annual security reviews, annual testing of security controls, annual testing of the contingency plan, and annual testing of the incident response plan in line with FISMA requirements.
• Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals.
• Assist the Program with Interface Control Agreements (ICAs) for any external partners requesting connections.
• Assist with Cyber input when required for documentation outside standard RMF requirements for assigned Program, i.e., Master Test Strategy
• Maintain communication with EBS ISSO and be available as required to answer questions regarding updates on package status, documentation, Baseline Changes, etc.
• Lead cybersecurity processes and activities (to include RMF) for assigned programs, organizations, systems, or enclaves.
• Coordinate Kick-Off meetings with Validators before executing ASRs or reauthorizations.
• Assist the ISSMs in executing their duties and responsibilities.
• Conduct weekly Cyber Review calls to discuss Cyber-related issues with APM, APM-E, System Administrators, ISSM, ISSE, etc. Topics include ASRs, reauthorization status, Baseline Changes, Continuous Monitoring, POA&M items, etc.
• Provide weekly slides to the team via email.
• Complete any data calls or taskings that are sent out regarding eMASS system details updates, new requirements, reporting, etc.
• Provide evidence of closure before closing out POA&M items in the eMASS record.
• Maintain the Ports, Protocols, Services, and Management (PPSM) spreadsheet and ensure the latest version is uploaded to the assigned Program eMASS record.
• Have a Navy eMASS Account (either current or expired within the last year) with a current eMASS training certificate, OR be able to obtain an eMASS training certificate within 1 month of hire.
• Assist with the identification of the security control baseline set and any applicable overlays.
• Assess the quality of security control implementation against all requirements in accordance with the approved SLCM Strategy
• Coordinate the validation of security controls with the PM/SO, NQV, SCA Liaison, PSO.
• Track system progress throughout eMASS workflows to ensure any rework is completed and the package is moved back to the next step as soon as possible.
• Plan and perform cybersecurity testing to assess security controls and record security control compliance status during sustainment.
• Ensure all documentation within the eMASS record is current, signed, and associated with the corresponding controls
• Utilize the Collaboration Board in eMASS workflow for all formal coordination during the RMF process.
• Create/Manage POA&M entries for vulnerabilities that cannot be remediated within required timelines per DoD or DoN guidance.
• Track POA&Ms from creation to closure and coordinate with assigned Program Engineers / System Administrators to have a cohesive approach to remediation or mitigation of findings.
• Work with assigned ISSE (if Program has an ISSE) to ensure all technical testing is current and uploaded into the record, i.e., ACAS, SCAP, Fortify, WRA, etc.

• Candidate must have an active Secret clearance.
• Bachelor's degree with 8 years of experience or a high school diploma with 13 years of experience.
• 8 years of engineering, computer science, or information technology experience, including at least 3-6 years of cybersecurity experience. 
• Experience in DoD Risk Management Framework (RMF)
• Possess DoD-approved baseline certification such as IAM Level II in accordance with DoD 8570.01-M (i.e., CISSP, GLSC, or CISM).

• Must be comfortable with prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 10-15 pounds at a time.

• 10%