Careers

Active TS FCL Required

Position Overview:

Calano & Associates, LLC is seeking a highly motivated and experienced Facility Security Officer (FSO) to join our team. The FSO will be responsible for overseeing and managing all aspects of security for our facility, ensuring compliance with government regulations and company policies related to security clearance, access control, and classified information.

Key Responsibilities:

1. Develop, implement, and maintain security policies and procedures in accordance with government regulations (e.g., NISPOM) and company standards.

2. Manage the security clearance process for employees, contractors, and visitors, including initial investigations, periodic reviews, and renewals.

3. Conduct security briefings and training sessions for employees on security awareness, classification guidelines, and handling of classified information.

4. Coordinate with government agencies, such as DCSA (Defense Counterintelligence and Security Agency), for facility inspections, audits, and compliance reviews.

5. Conduct regular security assessments and risk evaluations to identify potential vulnerabilities and implement corrective actions.

6. Respond to security incidents, conduct investigations, and report findings to management and relevant authorities as necessary.

7. Collaborate with internal stakeholders, including HR, IT, and legal departments, to ensure alignment of security policies and procedures with overall business objectives.

8. Serve in the capacity of FSO and ITPSO, and develop the Security and Insider Threat Program.

Qualifications:

· Top-Secret Facility Clearance required.

· Bachelor’s degree in Security Management, Criminal Justice, or related field.

· Minimum of 7 years of experience as a Facility Security Officer or in a similar security management role.

· Thorough understanding of government security regulations, including NISPOM, FCL (Facility Clearance) requirements, and DoD security policies.

· Experience managing security clearances, conducting investigations, and handling classified information.

Job Type:

· Part-time, Contract

· Expected hours: 30 per week

Schedule:

· Day shift

· Monday to Friday

· Work Location: Fully Remote

Applicants: Send your resume to hr@calanoandassociates.com

TECHNICAL PROPOSAL WRITER: PART-TIME

Duty Location: 100% Remote

Provide technical writing and editing support in the areas of Information Assurance, Cybersecurity, RMF, A&A, Cloud Security, etc., and/or lead responses to Sources Sought Notices, RFIs, RFPs, RFQs, TOs. Assist in developing, updating, refreshing, and maintaining a library of company qualifications. Participate in color team reviews and recovery, solution meetings, and other collaborative events to further the proposal development process. Conceptualize graphics that drive or support written material. Conduct interviews with key personnel, subcontractors, program managers, and subject matter experts to develop resumes, past performance, management, and technical content. As a member of the proposal team, support and contribute to the development of Standard Operating Procedures (SOP) to enhance the efficiency and quality of the writing/editing team and overall proposal group. Contribute artifacts to the Federal Proposal Group’s Knowledge Management Platform for reuse by business units as appropriate.

Edit proposals for spelling, typographical, and grammatical errors; proper syntax; as well as readability, ease of comprehension, and consistency.

Education:

  • Bachelor’s degree REQUIRED
  • Minimum 7+ years overall professional writing experience – can include internships, part-time jobs, or work as a contributing writer and/or editor of a publication. Relevant documents include white papers, RFIs, proposals.
  • Experience writing competitive proposals in the Federal Government space is preferred
  • Proficiency in MS Office Suite, particularly Word
  • Excellent writing skills, with the ability to communicate complex technical and management approaches
  • Very strong attention to detail and accuracy
  • Strong analytical, organizational, and time management skills

Desired

Shipley Associates or other industry training a plus

Familiarity with MS Teams and SharePoint a plus

Applicants: Send your resume to hr@calanoandassociates.com

 

INFORMATION SYSTEMS SECURITY OFFICER: CONTINGENT UPON AWARD

Security Clearance Required: Active SECRET

Duty Location: The Contractor must provide on-site contract support which could additionally include travel to other facilities and vessels (air and sea) both CONUS and OCONUS.  Physical locations include but are not limited to the following sites:

  • USCG Headquarters, 2703 Martin Luther King Jr. Ave, SE, Washington DC
  • USCG C5ISC, 7323 Telegraph Rd, Alexandria, VA
  • USCG C5ISC, 4000 Coast Guard Blvd, Portsmouth, VA
  • USCG C5ISC, 408 Coast Guard Drive, Kearneysville, WV
  • USCG Aviation Logistics Center (ALC), 1664 Weeksville Rd, Elizabeth City, NC

The Contractor shall serve as the designated ISSO for assigned systems. The ISSO is responsible for but not limited to the following tasks:

Lead the RMF process for assigned systems or enclaves. Generate and maintain the RMF documentation package that meets all Department of Defense (DoD) requirements and is tailored to a specific system, including but not limited to: Security Categorization Determination, Implementation Plan, System Security Plan (SSP), Configuration Management Plan (CMP), Incident Response Plan (IRP), Contingency Plan (CP), Authorization documentation, IT Security Plans of Action & Milestones (POA&Ms), Scorecards, Security Assessment Reports (SAR), Continuous Monitoring Strategy, Hardware/Software lists, Threat Models, Cybersecurity Strategy, Network Topology, Network Cybersecurity Boundary Diagrams, and Data Flow Diagrams using Government prescribed tracking and processing tools. Continue to maintain all Ongoing Authorization (OA) requirements as determined by the Government. Ensure that all DoD Information System (IS) cybersecurity-related documentation is current and accessible to properly authorized individuals. Provide analyses and decision support information for Coast Guard Cyber Command (CGCyber) to make system/network risk management determinations for an authorization decision. Interpret system designs and diagrams for the purposes of identifying data interconnections, interfaces, protocols, and data types in order to select appropriate security controls to remediate or minimize Cybersecurity risk exposure to the Coast Guard. Provide support and develop a connection approval package such as an Interconnection Security Agreement (ISA), Memorandum of Understanding (MOU), Service Level Agreement (SLA), Authorization to Connect (ATC), and so forth, for systems that require connectivity to any type of USCG Local Area Network (LAN) (i.e., DoD Information Network (DoDIN), CGOne, SIPRNet). Develop plans and perform testing to evaluate compliance with all applicable DoD and industry security requirements, standards, and best practices.
Utilize Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)/Security Requirements Guide (SRG) assessments, leveraging automation as much as possible to gain efficiencies. Perform Security Readiness Reviews (SRR) for the Operating Systems and applications. Perform automated scans and analysis using Security Compliance Checker (SCC) DISA Security Content Automation Protocol (SCAP) benchmarks or current DoD approved tools. Perform automated scans and analysis using the Assured Compliance Assessment Solution (ACAS)/Nessus or current DoD approved tools. Maintain the continuous monitoring process and ensure all systems are compliant with DoD and USCG security guidelines, and DISA STIGs. Review all vulnerabilities identified through regularly scheduled and ad-hoc scanning, assign and track remediation responsibility, and track identified vulnerabilities through remediation via the regular patching cycles or until a POA&M is created for tracking. Identify any vulnerabilities that remain on the system after a period of time and notify the designated patch manager to engage and determine how the finding will be disposed of. Maintain process and procedures, in coordination with the government, that enable the organization to adhere to Requests for Modification (RFM) while remaining compliant with the overall RFM organizational process. Participate in system change management boards and DHS Systems Engineering Life Cycle (SELC) reviews, as necessary. Conduct Security Impact Assessments (SIA) as part of the change management process to determine if there are any impacts to implemented security controls. Ensure that all Assessment and Authorization (A&A) packages are completed and submitted in time to prevent Authorization to Operate (ATO) expiration.
Provide oversight (approval/disapproval) of Ports, Protocols, and Services (PPS), which includes initial registration for an information system, Enterprise Application, or network ports, protocols, and services, and maintain updates to the registered PPS baseline in compliance with the Category Assurance List (CAL). Initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered. Coordinate any security incident forensic analysis with CGCyber Cyber Security Operations Center (CSOC) Incident Response Service Line. Review, update and publish all cybersecurity artifacts to support unclassified (including Chief Financial Officer (CFO)), and classified efforts within USCG prescribed tools and maintain any security relevant artifacts. During all SELC phases, develop documentation and provide any required information for all levels of classification in support of the RMF process. Provide support and collaboration to external inspections, evaluations, audits, and assessments as applicable for supported systems. Manage and track all Plans of Action and Milestones (POA&Ms) created by the organization to address identified weaknesses, vulnerabilities, and audit/assessment findings from creation to closure. Coordinate with other organizations as needed in the processing and management of the POA&Ms.  This includes validation of POA&M content submitted by the area of responsibility (AOR) for weakness remediation; ensuring POA&Ms are submitted via proper channels; providing reports and status tracking of remediation efforts; working with the AOR as needed to ensure items are completed in a timely manner; gathering appropriate artifacts for closure; and identifying POA&Ms that will need waivers or risk acceptance. Develop and coordinate Contingency Plan (CP) training/testing as required by DoD and USCG policy annually on or before the expiration date of the previous annual test. 
Coordinate annual Disaster Recovery (DR) Failover testing for systems with a DR presence and document results of testing to present to the government as needed. Maintain Host Based Security System (HBSS) compliance for assigned systems, and ensure systems are Command Cyber Readiness Inspection (CCRI) compliant. Review HBSS exception and exclusion requests and provide recommendation for government approval. Monitor and remediate rogue devices. Review system HBSS reports. Review applicable system logs in accordance with USCG or DoD security policies and security configuration guidance. Request system-related audit triggers to monitor and correlate daily records at least once per week. Coordinate with C5ISC-ISD-SEC on any custom parser/triggers/alerts. Review system audit records and intrusion detection data to identify security incidents. Analyze any potential threat vectors across disparate internal related systems. Report any system related log data integrity issues or gaps to the government.

Qualifications:

  • 10+ years of relevant experience
  • 2-3 years of experience supporting secure operation of cloud computing systems subject to FISMA
  • Strong understanding of eMASS
  • Experience working in small teams with increasing responsibility.
  • Experience in 1 or more of the following: DISA, JSP
  • Experience with DoD A&A processes

Education:

  • Bachelor’s degree REQUIRED
  • Must maintain compliance with 8570.01M IAM Level II certification (required)
    • Qualifying certifications: CAP, CISSP, CASP+, CISM, GSLC, or CCIS

Applicants: Send your resume to hr@calanoandassociates.com

 

SENIOR HARDWARE/SOFTWARE INSTALLATION TECHNICIAN – CONTINGENT UPON AWARD

Security Clearance Required: Current and Active TS/SCI and/or Secret

Place of Performance: Classified or unclassified work may be performed at the Government locations. Most of the work supporting this program will take place at the DISA Headquarters Complex, Fort Meade, MD 20755, and potentially at other Government Facilities (i.e., DISA Data Center, Ogden – Hill AFB, UT; DISA Data Center, Columbus – Whitehall, OH; DISA Data Center, Pacific – Joint Base Pearl Harbor Hickam, HI; DISA Data Center, San Antonio; DISA Data Center, Europe – Stuttgart, GE). Alternative work sites allow for regular telework or remote work flexibilities.

Responsibilities: Research, design, develop, or test computer or computer-related equipment for commercial, industrial, military, or scientific use. May supervise the manufacturing and installation of computer or computer-related equipment and components. Provides first contact and incident resolution to customers with hardware, software, and application problems. Perform systems administration of desktop systems connected to local and wide area networks. Provide desktop system management/maintenance responsibilities involving account monitoring, account creation, security, Operating System (OS) installation, and other local area system administration related functions. Diagnose and repair hardware, software, and system issues. Provide Windows Desktop System Administration services and be responsible for the installation, configuration, overall management of all hardware and software related to desktop/laptop computing environment. Install, configure, and troubleshoot the approved standard suite of software. User requests for software assistance shall be submitted through service tickets.

Qualifications:

  • 7+ years of relevant experience
  • Experience working in small teams with increasing responsibility.
  • Experience in 1 or more of the following: DISA, JSP, Active Directory, DPAS, Remedy
  • Experience with DoD

Education:

  • BS degree in Computer Science or Information Technology (REQUIRED)
  • Must maintain compliance with DoDI 8570.01M IAT Level II certification (REQUIRED)
  • Qualifying certifications: CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP

EEO Statement

Calano & Associates, LLC does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.

Applicants: Send your resume to hr@calanoandassociates.com