Information Systems Security Officer - Senior

Job Description

ECS is seeking an Information Systems Security Officer - Senior to work remotely .

ECS is looking for an experienced Information Systems Security Officer (ISSO) to join our team supporting multiple platforms to attain and/or maintain their ATOs. The ISSO will be critical in protecting our DHS customers' information systems and ensuring compliance with federal cybersecurity regulations and policies. The ideal candidate will have a strong background in federal cybersecurity, with at least five years of hands-on experience developing, documenting, and managing Authorization to Operate (ATO) packages for federal information systems.

Responsibilities

• Develop, prepare, and update RMF authorization packages and security documents in accorda nce w ith NIST SP 800-53 Rev. 4/5, particularly those associated with NIST's Risk Management Framework and FedRAMP.
• Applies extensive knowledge of a variety of the Cybersecurity field's concepts, practices, and procedures to ensure the secure integration and operation of all systems.
• Manage the Authorization to Operate (ATO) process throughout the system lifecycle, including initial authorization, reauthorization, and continuous monitoring activities.
• Conduct security assessments and information system security oversight activities, identifying potential security weaknesses and recommending improvements.
• Develop and maintain critical security documentation, such as System Security Plans (SSP), Contingency Plans (CP), Privacy Impact Assessments (PIA), and Plan of Action and Milestones (POA&M).
• Serve as the primary point of contact for government clients and stakeholders on cybersecurity and compliance matters.
• Coordinate with system owners, developers, engineers, and other stakeholders to implement security controls and ensure compliance with security requirements.
• Manage POA&Ms, tracking remediation efforts and escalating risks as necessary.
• Ensure the collection, review, and documentation of audit records , using financial audi t standards, classified system IA requirements and Privacy Act requirements. analyzing anomalies and ensuring proper remediation.
• Monitor system security configurations, audit logs, and patch management for compliance and threat detection.
• Vulnerability scanning execution, assessment, and analysis
• Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide
• Area Networks [WAN ])
• Stay abreast of evolving security and risk management standards, including NIST, DoD, FISMA, FIPS, guidelines , and apply relevant changes to existing processes.
• Provide configuration management recommendations for security software, hardware, and firmware.
• Support incident response efforts and forensics investigations.
• Provide input to cybersecurity policy and process development and support user training and awareness initiatives.

Salary Range: $145,000 - $145,000

General Description of Benefits

Required Skills

• Bachelor's Degree in Computer Science , Information Systems, Cybersecurity, or a related field.
• No Degree: 10 years of Cybersecurity & FISMA experience
• Bachelor's Degree: 8 years of Cybersecurity & FISMA experience
• Master's degree: 6 years of Cybersecurity & FISMA experience
• Proficient in the Risk Management Framework (RMF) and all associated tools (e.g., eMASS , Xacta , ACAS, Splunk, DISA STIGs, SCAP, STIG Viewer).
• Experience with cloud security requirements and compliance in federal environments (e.g., FedRAMP, AWS, Azure).
• Strong understanding of federal cybersecurity policies, regulations, and guidelines, such as NIST 800-53 Rev. 4/5, FISMA, and DoD directives.
• Professional security certification such as CISSP, CISM, CompTIA Security+ CE, SSCP, CEH, CASP, CISA or higher, in compliance with DoD 8140 requirements.
• Experience interpreting vulnerability scans (e.g., ACAS, Tenable Nessus, SCAP) and developing remediation plans.
• Excellent written and verbal communication skills, including the ability to present complex technical information to diverse audiences.
• Demonstrated ability to work independently and collaboratively in a fast-paced, deadline-driven environment.
• Outstanding problem solving and analytical skills, including ability to create clear observations, analysis and conclusions based on customer interviews and data.
• Minimum Education: Possesses one of the following professional security certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH)
  • CompTIA Advanced Security Practitioner (CASP)
  • Systems Security Certified Practitioner (SSCP)
  • Certified Information Systems Auditor (CISA)
  • Similar security professional certifications must be approved by the Federal PM

Desired Skills

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.