Information Security Specialist II

Company Profile

Oceaneering Technologies (OTECH) develops, manufactures, and operates customized marine systems, shipboard equipment, subsea vehicles, and engineered solutions for commercial and U.S. military vessels.

Oceaneering Aerospace and Defense Technologies (AdTech) delivers solutions that enable humans to work safely and effectively in harsh environments – from underwater to the outer reaches of space. Our innovative solutions support the development and application of practical, cost-effective systems that meet our customers’ challenges – from routine to extreme. Our experience and expertise across multiple industries uniquely positions us as a leader in the government, space, and maritime services markets. Our products and services meet the rigorous demands of the complex environments in which they operate, delivering results without compromising safety or reliability.

Oceaneering is a global provider of engineered services and products, primarily to the offshore energy industry. We develop products and services for use throughout the lifecycle of an offshore oilfield, from drilling to decommissioning. We operate the world's premier fleet of work class ROVs. Additionally, we are a leader in offshore oilfield maintenance services, umbilicals, subsea hardware, and tooling. We also use applied technology expertise to serve the defense, entertainment, material handling, aerospace, science, and renewable energy industries.

Position Summary

Oceaneering International is seeking an Information System Security Officer to assist with overseeing cybersecurity for several systems assigned by the Government Information Systems Security Manager (ISSM). The role involves utilizing the NIST Risk Management Framework (RMF) and related continuous monitoring activities to maximize the security of assigned systems and ensure compliance. The position requires providing technical security expertise in planning, coordinating, preparing, and authoring security authorization documentation necessary to comply with Federal, DoD, and organizational policies. This role focuses on recommending, monitoring, and assessing compliance with security controls, rather than implementing them.

Duties And Responsibilities

This role is responsible for being knowledgeable on cybersecurity principles, risk management process, and implementation.

- Working knowledge of applicable IC, DoD policies, procedures, and operating instructions related to Information Technology,

- Cybersecurity, Information Assurance, and Information Management (IT/IA/IM).

- Ability to collaborate with application leads, sysadmins, DBAs, developers, and testers to ensure assigned systems are security compliant and achieve/maintain ATO.

- Ability to develop, draft, assess, review, and/or endorse all information systems security plans and other security authorization

- artifacts and documents such as:

- System Security Plans (SSP)

- Controls Testing (Security Test and Evaluation (ST&E) Plans

- Security Controls Traceability Matrix (SCTM)

- Security Assessment Procedures

- Security Assessment Reports

- Plans of Actions & Milestones (POA&Ms)

- Privileged and General User Guides

- Cyber SOPs

- Concept of Operations (CONOPS)

- Working knowledge in guiding complex information systems through assessment and authorization control gates.

- Working knowledge in authorization applications such as ServiceNow and eMASS.

- Working knowledge in loading artifacts such as STIG checklists and Nessus scans.

- Ability to implement STIG checklists and mitigate scan findings.

- Ability to establish the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security

- configuration, practices, and procedures for each information system.

- Working knowledge of configuration management, system maintenance, and integration testing.

- Ability to review technical configurations and make recommendations on the protection of classified and sensitive data.

- Ability in the use of tools to prevent and/or negate malicious code.

- Ability in detecting and preventing computer security compromises in a classified environment.

- Ability to collaborate with Incident Response Teams and provide viable recommendations for the resolution of computer

- security incidents.

- Ability to establish and maintain security protocols.

- Ability to establish and maintain effective internal and external working relationships with government and contractor program managers, security professionals, and mission partners.

- Ability to effectively provide ISSO guidance to System Administrators.

- Ability to communicate and work with stakeholders to resolve computer security incidents and vulnerability compliance.

- Ability to implement security measures to mitigate or remediate vulnerabilities and security deficiencies and provide justification for acceptance of residual risk.

- Ability to perform security reviews/assessments, identify gaps in security architecture, and develop a security risk management plan.

- Ability to review and analyze system audit logs to identify anomalous activity and potential threats to network resources.

- Individual contributor that works under limited supervision.

- Determines approach to work, monitored / supervised based on key objective check-ins.

- Lead assignments for specific job function or projects.

- Lead entry level individual contributors to ensure the work completion as per set standards and procedures.

ADDITIONAL:

- Other duties as assigned.

- Scheduled weekly hours: 40

- Day shift – With occasional afterhours and weekends (< 3%)

Qualifications

REQUIRED:

- Must have 2-6 years of relevant work experience with Associate’s Degree in information technology or computer science. Equivalent work experience may be considered in lieu of degree.

- Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

- Knowledge of the full RMF process, the selected candidate must have experience completing a full system assessment resulting in an authorization to operate (ATO).

- Knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37 and familiarity with the ICD503, CNSSI1253, SP800-53, etc.

- Knowledge of systems security testing and evaluation methods.

- Knowledge of countermeasures for identified security risks.

- Knowledge of how to use network analysis tools to identify vulnerabilities.

- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

- Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems.

- Oral and written communication skills for change procedures, and management updates.

- Experience implementing and/or verifying compliance with DISA STIGs.

- Experience with using Security Content Automation Protocol (SCAP) tools.

- Experience working independently on cybersecurity in support of a client.

- Experience with risk analysis and compensatory security controls incorporating system/mission owner, and unique operational

- constraints.

- Must have or be able to obtain a TS security clearance, be able to take/pass a polygraph, and be able to maintain both for the tenure of this position.

- Position tenure ship is dependent on completing the full security clearance application process successfully within 1-2 years of accepting position.

- Must have all required IT / Security certifications and maintain for the tenure of this position.

- Must be a U.S. Citizen.

DESIRED:

- DOD 8570 certification for Info Assurance Management (IAM) level III. Prefer candidates who hold Certified Information Systems Security Professionals (CISSP) credential.

Additional Information

PAY, BENEFITS AND WORK SCHEDULE:

We offer a comprehensive and competitive benefits package. Employee benefits vary by role, however, may include Health and Wellness, Mental Health, Retirement Savings, Life and Disability, Paid Maternity and Parental Leave, Paid Time Off, Tuition Reimbursement, and an Employee Assistance Program. Annualized pay rate for this position : $85,000 - $11,500.

Equal Opportunity Employer

All qualified candidates will receive consideration for all positions without regard to race, color, age, religion, sex (including pregnancy), sexual orientation, gender identity, national origin, veteran status, disability, genetic information, or other non-merit factors.

How To Apply

Regular full-time employees who apply will be considered along with external candidates. Employees with less than six months with their current position are not eligible to apply for job postings. Please discuss your interest in the position with your current manager/supervisor prior to submitting your completed application.