NOTE - Only candidates who reside in one of the following states will be considered: Virginia, Maryland, District of Columbia, New York, New Jersey, Missouri, Florida, Louisiana, Kansas, Colorado, South Carolina, Pennsylvania, and Texas.

Founded in 2002, VMD is an award-winning provider of Agile Software Engineering, Digital Infrastructure, Cybersecurity, and Transportation Security Services to numerous U.S. Federal Government clients including projects across both DoD and Civilian agencies. We specialize in high-level, tip of the spear engagements with a significant impact on mission success for our clients.

Why Join VMD Corp?

VMD fosters a culture that is founded on Eight Core Values and you can watch what our Core Values mean to our Vision Mission Driven employees.

VMD Employees envision the future. We hold ourselves accountable and hold each other to equally high standards. Our people recognize and reward greatness and are humble in doing so. VMD Employees understand big accomplishments take a team. Our people learn from both our mistakes and successes; we pursue improvement relentlessly, objectively and without bias. We share our thoughts and ideas with purpose and transparency. We commit to the mission, the customer and to each other. We love being nimble and producing results.

Our team is one of the best in the business.

About the Mission You Will Join:

The Department of Homeland Security (DHS) - U.S. Immigration and Customs Enforcement (ICE) has entrusted VMD to support the Office of the Chief Information Officer’s (OCIO’s) Information Assurance Division (IAD) to establish, implement, and maintain a mature, robust agency risk management program that integrates Agile and SecDevOps methodologies and other industry best practices.

VMD’s mission is to work on the high-priority federal cybersecurity initiatives within the IAD, providing cybersecurity program management, innovation, governance, vulnerability elimination, Information System Security Officer (ISSO) support, training, and security engineering activities of approximately 100+ FISMA reportable system boundaries. VMD facilitates the implementation and operations at an enterprise-level that deal with a wide-range of cybersecurity tools and incidents to protect ICE IT assets from adversaries. The entire team consists of 80+ cybersecurity professionals and could grow within the next year as agency identifies additional tasks.

Your Impact to the Mission:

As an ISSO, you will be responsible for overseeing the process of obtaining Authorization to Operate (ATO) for ICE information systems. This will involve working with stakeholders to complete the required documentation, leveraging innovative solutions, conducting security testing and evaluation, and addressing any identified vulnerabilities or risks. You will play a critical role in ensuring that ICE information systems meet all necessary security requirements to obtain ATO.

Experience Needed to Be Successful:

This opportunity for an Information System Security Officer requires your proficiency in learning and or using Open Security Control Access Language (OSCAL) in managing FISMA inventory, overseeing POA&M management, conducting assessments, and managing risks for both legacy and cloud computing systems. Your responsibilities include developing and reviewing system-level policies, processes, and procedures. You will have an opportunity to:

• Drive shift-left practices by working with various teams and assist in generating asset inventory reports and identify security related discrepancies in the beginning and during the development lifecycle.
• Ensure that the Security Assessment & Authorization process is automated, tracked, supported, and successfully completed for all assigned systems leveraging OSCAL.
• Implement Risk Management Framework (RMF) and associated regulations, such as NIST, FISMA, and FedRAMP
• Develop and maintain all security documentation in OSCAL format for systems under their purview.
• Execute Risk Management Framework steps in DHS and ICE mandated enterprise governance, risk and compliance tools
• Conduct annual assessments on security controls in accordance with guidance.
• Continuously update all Security Authorization documentation to ensure that all information is current with updates and changes in appropriate laws, regulations, mandates, and directives
• Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks.
• Ensure that Assessment & Authorization (A&A) documentation leverages approved OSCAL templates, forms, regulations, and methods.
• Ensure the accuracy of all Continuous Monitoring information for assigned systems.
• Review proposed Change Requests (CR) to ensure that new systems include the appropriate security requirements at all phases of the SDLC.
• Establish and maintain OSCAL documentation, configuration, and change management for the Cloud infrastructure.
• Perform self-assessments as part of ICE’s Ongoing Authorization program
• Provide advisement and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc.
• Complete and deliver all Security Authorization documentation in a timely manner and ensuring no negative impact to the Authority to Operate (ATO)
• Assist system owner and agency security stakeholders in capturing all system non-compliant controls and weaknesses in POA&Ms.

Basic Qualifiers:

• Education Requirement: Bachelor’s degree in Information Technology, Cybersecurity or related field
• Can Additional Years of Experience Substitute for Degree? No
• Minimum Years of Overall Experience: 7
• Minimum Years of Specific Experience in Field: 5
• Minimum Clearance to Start: Public Trust
• Work Status Allowable: US Citizenship

The Type of Person That Will Excel:

• You are curious, inquisitive, and have demonstrated a constant eagerness to learn through actions.
• You have high attention to detail.
• You demonstrate personal accountability and integrity in all actions.

Travel and Telecommuting:

• Travel: None
• Telecommute Options: Remote

VMD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable Federal, state and local laws. VMD maintains a drug-free workplace.