Every day at Perspecta, we enable hundreds of thousands of people to take on our nation's most important work. We are a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation's most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects works tirelessly to create innovative solutions. We continually push ourselves to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers.
Perspecta works with U.S. government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many ways, not only through competitive salaries and benefits packages, but also through the opportunity to create a meaningful impact in jobs and on projects that matter.
Perspecta's talented and robust workforce, 14,000 strong, stands ready to welcome you to the team. Let us make an impact together.
We at Perspecta are currently seeking an ISSO on an existing cloud-based DoD application. SECRET CLEARANCE REQUIRED AND CISSP or CISM CERTIFICATION ALSO REQUIRED.
The position is key and has contract-required experience.
Our task order provides on-site technical and administrative Security Assessment and Authorization (A&A) and Continuous Monitoring (CM) support for the client subject application. The Cloud Information Systems Security Officer (ISSO) implements security engineering principles to review security requirements, verify implementation, and provide mitigation recommendations throughout the cloud life cycle to facilitate secure systems for A&A and Continuous Monitoring support.
The Cloud ISSO responsibilities include, but are not limited to:
Serving as the Information Assurance Section cloud subject matter expert for the A&A and Continuous Monitoring processes
Providing security requirements analysis of cloud architectures and designs
Identifying cloud architecture development best practices and applying security best practices to that architecture
Identifying technical gaps and providing solution recommendations for cloud services acquisition, development, migration, implementation, and monitoring
Explaining cloud security controls/requirements and guidance to the System Owners and System Teams and recommending implementation strategies
Identifying cloud vulnerabilities and recommending mitigation alternatives for POA&M items
Reviewing cloud security test results to identify weaknesses, technical flaws, and vulnerabilities
Reviewing cloud SLAs for compliance to requirements
Recommending technical process improvements for the A&A process
Representing the client as the cloud security consulting SME
Education and Experience Required:
4-8 years of security engineering in a similar IT environment with an emphasis in vulnerability assessments, incident and risk management. Candidate must possess a bachelor's degree in Information Systems Security certification or equivalent experience. Candidate must also possess a recognized security professional certification (CISSP, CISM, or other).
Knowledge and Skills Required:
Provide cybersecurity support for the Total Ammunition Management System (TAMIS) through the Army's Risk Management Framework (RMF) Assessment and Authorization (A&A) process using the Enterprise Mission Assurance Support Service (eMASS).
Implement security practices displaying best practices in software engineering methodologies, system/security engineering principles, secure design, secure architecture with applicable experience in all these areas.
Designed and developed the Security Architecture and Network for the TAMIS migration to Amazon Web Services (AWS) GovCloud.
Developed and implemented RMF Cybersecurity Policies, Processes, Procedures, and Technical Controls for TAMIS to attain Authorization to Operate (ATO) and become the first cloud-based Army system to be fully accredited and operational.
Work as the liaison between Army G-3/5/7 and third parties (i.e. NETCOM, DISA Cloud Access Point, DISA Internet Access Point, ARL, AWS, Akamai Technologies) to ensure proper implementation of security controls and maintain compliance.
Manage program and cybersecurity risks, the Cybersecurity Workforce (CSWF) Improvement Program, third-party software licensing, Cybersecurity Service Providers (CSSP), and software development support applications (Visual Studio, SharePoint, TFS, etc.) for the TAMIS project.
Responsible for managing and training junior ISSOs/ISSEs supporting the program.
Developed and implemented continuous monitoring practices to ensure ongoing compliance with FedRAMP High, FISMA High, DoD and Army security controls.
Performed security scans of servers using DoD approved tools (ACAS, SCAP, Veracode, etc.)
Completed STIG Checklists to ensure proper security configurations of operating systems and databases
Worked with developers and System Administrators to correct findings from security scans and STIG checklists