Information Systems Security Engineer (Isse) / Cybersecurity Sme

Job Description
The Information System Security Engineer (ISSE) / Cybersecurity Subject Matter Expert (SME) for Modeling and Simulation Systems is responsible to the Project Manager for the security of the local network and supervises and makes recommendations to the Project Manager on the overall cybersecurity of the project. The ISSE / Cyber SME reports to and receives work direction from the Project Manager through the local prime contractor’s Site Lead. The ISSE for Modeling and Simulation Systems will perform the following duties:
Essential Duties And Responsibilities
Role:
Cybersecurity SME
Provide cybersecurity technical and management support to the Project Team ISSEs at all Battle Simulation Centers (BSCs) and Combined Arms Staff Trainer Facilities (CASTs) on this project.
Provide cybersecurity oversight, direction, and guidance to each ISSE as required in support of attaining and maintaining ATOs through the RMF process. Conduct on-site instruction and technical assistance to each BSC/CAST as required.
Monitor each ISSE’s Plan of Action for the implementation of patches/updates on all client, server, and system security vulnerabilities using both automated scanning tools and manual compliance checks.
Receive monthly cybersecurity results, activities, and projections reports from each ISSE;
collate and report overall cybersecurity results, activities, and projections to the Project Manager monthly.
Monitor and report compliance with Marine Corps Cyber Operations Group (MCCOG) issued Marine Corps Enterprise Network (MCEN) Operational Directives (OPDRS) for all BSC/CAST IT systems, information systems, and network resources.
Manage the Project Team’s cybersecurity workforce (CSWF). Ensure personnel accessing information systems have the proper IA certification to perform privileged or cybersecurity functions per DoD 8570, Information Assurance Workforce Improvement Program (DoD 8140), and the SECNAV M-5239.2, Department of the Navy Information Assurance (IA) Workforce Management Manual to Support the IA Workforce Improvement Program;
and USMC HQMC ECSM 024,Cybersecurity Workforce Program Management.
Role:
ISSE
Ensure MCAGCC BSC/CAST complies with cybersecurity policy.
Report MCAGCC cybersecurity results, activities, and projections monthly.
Implement cybersecurity solutions in compliance with the RMF, NIST, DoD, and Marine Corps policies and standards to establish or sustain ATOs for information systems and networks.
Provide cybersecurity oversight, direction, and guidance to the MCAGCC BSC/CAST workforce in support of maintaining ATOs through the RMF process.
Provide a consistent reporting environment to maintain and track IT assets and ensure systems are securely managed regardless of location by providing patch coverage across operating systems and applications for improved defense against the latest vulnerabilities.
Assess and manage risks associated with information technology resources.
Evaluate threats, risks, and vulnerabilities and develop countermeasures to ensure continuation in the event of an IT services disruption.
Monitor and report compliance with Marine Corps Cyber Operations Group (MCCOG) issued Marine Corps Enterprise Network (MCEN) Operational Directives (OPDRS) for all MCAGCC BSC/CAST IT systems, information systems, and network resources.
Maintain and update a continuous Plan of Action and Milestones (POA&
M) for reporting to the ISSO on the implementation of patches/updates on all client, server, and system security vulnerabilities using both automated scanning tools and manual compliance checks.
Run and review vulnerability and compliance scans performed at the MCAGCC BSC/CAST on all networks and services using current DoD Assured Compliance Assessment Solution (ACAS), or other approved solution(s) as required.
Provide weekly reports to the prime contractor’s Site Lead and the Green Cell site
Representative for all client, server, and network infrastructure software patches and updates, security vulnerabilities and fix actions, current security vulnerability POAMs, and action required in response to Operational Directive (OPDRS). Ensure sufficient patch management processes are implemented using available and authorized patch management solutions to minimize cybersecurity vulnerabilities and comply with Operational Directives (OpDirs) in support of day-to-day operations and training events and exercises.
Implement Information Assurance Vulnerability Alerts (IAVAs), OpDirs, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), patches, and industry best practices to ensure cybersecurity compliance of BSC/CAST information, C2 and simulation systems.
Prepare and maintain A&
A-related documentation (i.E., site inventory, software baseline, equipment lists, ports, protocols, and services management (PPSM), self-assessment/test plans, etc.), POA&
Ms, security plan, vulnerability scans, Security Assessment Report (SAR), contingency plans, information assurance vulnerability management plans, cybersecurity waiver requests, cybersecurity waiver extension requests, and Federal Information Security Management Act (FISMA) related reporting requirements within Marine Corps Certification and Accreditation Support Tool (MCCAST).
Configure and implement Endpoint Security Solutions (ESS) policy to achieve compliance with other USMC C2 information systems (e.G., AFATDS, JADOCS, TBMCS, TCS, etc.).
Install, operate, maintain, and troubleshoot ESS client and server elements and modules to support day-to-day operations and training events and exercises.
Draft written reports to the Contract Site Lead reporting and correcting BSC/CAST cybersecurity security violations.
Maintain current and historical documentation of all BSC/CAST RMF Assessment and Authorization (A&
A) packages.
Submit Marine Corps Certification and Accreditation Support Tool (MCCAST) packages as required.
Perform additional related duties as required.