Overview
Skills
Job Details
Information Systems Security Officer (ISSO) Washington, DC Public Trust
JOB DESCRIPTION
The USMINT Cybersecurity Operations Support Services Program has a current need for an Information Systems Security Officer. The ISSO will be responsible for creating, revising, documenting and maintaining the overall security related policies, procedures, laws and regulations; as well as creating, documenting and implementing various security plans and compliance documents to enforce Information Assurance principles. The ISSO will assist with assessment, development and implementation of programs and controls set in place to preserve the integrity and security of sensitive data and information stored and processed by various network systems. The ISSO will review client/department information security systems and recommend improvements/solutions.
PRIMARY RESPONSIBILITIES
Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), Security Impact Analysis (SIA), POA&Ms, and other relevant security documentation for existing and new systems in compliance with NIST 800-53 controls will be achieved
Meet with System Owners (SO) and provide guidance to them on the security posture of the ATO status, and update security packages accordingly
Analyze and report vulnerability findings to SO and their technical point of contact for remediation
Work with systems owners and engineers to review and update POA&MS
Identify, assess, and mitigate risks to the information system, ensuring that the system remains secure throughout its lifecycle
Able to conduct research and present findings to stakeholders.
Document, organize and implement security control requirements
Use workflows to develop security artifacts with assessors in preparation for assessment
Responsible for continuous monitoring of system security, including reviewing audit logs, tracking security incidents, and ensuring that security controls remain effective over time
Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance
Prepare vulnerability test plans and coordinate the testing and result procedures
Assess customer based solutions and provide recommendations for any improvements to current security posture
Ability to review and write security related policies and procedures and influence policy
BASIC QUALIFICATIONS
Ability to obtain Public Trust clearance.
Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
At least 8 years of experience in one of the following areas: knowledge of current security tools, hardware/software security implementation, communication protocols or encryption techniques/tools
Prior experience using ServiceNow GRC tool to support Assessment & Authorization of FISMA systems
Knowledge of auditing security controls and financial processes
Superior writing, communication and critical analysis skills
Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
CISSP preferred, will consider ISC2 Certified Authorization Professional (CAP) or ISC2 Certified Cloud Security Professional (CCSP) certification or CompTIA Certified Advanced Security Practitioner (CASP+)
Ability to obtain Public Trust clearance
Desired Qualifications:
An understanding in researching Emerging Threats and recommending monitoring content within security tools.
Experience with one or more of the following technologies, specific tools: FireEye, Palo Alto, full MS O365 suite (compliance center).
Relevant certifications: Security+,CySA+, GCIA, GCIH, or similar.
Experience with scripting or automation.
Familiarity with cloud security monitoring (e.g., AWS, Azure).
Education:
BS degree preferred