Today
Top Secret/SCI
Senior Level Career (10+ yrs experience)
$150,000
Engineering - Systems
Alexandria, VA (On-Site/Office)
Come join us! We are seeking a qualified and experienced Information Systems Security Officer (ISSO) to join our team. The ISSO will be responsible for ensuring the confidentiality, integrity, and availability of our company’s information systems and data. This role involves implementing security policies, procedures, and controls, as well as monitoring and assessing the security posture of our IT infrastructure. The ideal candidate will have a strong background in cybersecurity, risk management, and compliance standards.
Duties of an Information Systems Security Officer may include:
-Verify the implementation of the information system security program as delegated by the ISSM in support of NIST (800-53) and FISMA compliance.
-Implement and maintain security controls in accordance with the System Security Plan (SSP) and organizational policies.
-Develop and document continuous monitoring strategies and compliance with the information system security program, ensuring alignment with CSA-provided guidelines for management, operational, and technical controls and informing the ISSM of results and corrective action plans.
-Conduct formal and informal vulnerability and risk assessments and scans throughout the system lifecycle, and develop and manage Plans of Action and Milestones (POA&Ms) for identified security weaknesses that can affect the ATO.
-Update risk assessments and the Security Plan as necessary to reflect changes in the system or environment and maintain accurate system documentation and configuration logs to reflect current and prior configuration baselines.
-Conduct self-inspections and verify corrective action plans with the ISSM; participate in annual assessments and compliance inspections.
-Track and document information system security incidents, providing input for weekly incident response reports.
-Ensure processes are in place to manage user access, including authorization of system access and regular validation of access rights; deactivate unused or inactive accounts in a timely manner and maintain account documentation.
-Ensure that authentication mechanisms at the highest classification level, or compliant cryptographic mechanisms, are employed to protect systems.
-Separate user functionality from information system management functionality to maintain policy requirements and system security.
-Ensure patches and updates for all software and hardware remain current and compliant with policy and customer standards.
-Ensure all system users receive annual security awareness training, and that role-based training is conducted as necessary.
-Brief users on their responsibilities regarding information system security before granting system access.
Educational Requirements:
-5 years of experience in Information Security, with a preference for a B.S. in IT or Information Security (or 2 additional years of relevant experience in lieu of a degree).
-Knowledge of information security engineering, design concepts and principles.
-Recent experience working with a federal customer and NIST, FISMA, and other relevant security frameworks and standards to include STIG compliance.
-Knowledge of the Systems Development Lifecycle (SDLC) and continuous monitoring methodologies.
-Knowledge of vulnerability assessment tools (Nessus, STIG Viewer, etc.) and of analyzing the reports generated from these assessments.
-Must have excellent written communication skills, as the candidate's job will include written interaction with senior-level executives and Government customers.
-Ability to use MS Office, Ability to use PC, Analytical and Critical Thinking Skills, Interpersonal and People Skills, Listening Skills, Multi-Tasking Ability.
-Proven experience in information security management, risk assessment, and incident response.
Preferred Qualifications:
-Industry certifications such as CISSP, CAP, or Security+ are preferred.
-Exceptional interpersonal and verbal communication skills, with the ability to collaborate well across teams and organizations.
-Excellent analytical, problem-solving, and communication skills.
-Experience with eMASS/DAAPM and JSIG for collateral, special access program, and sensitive compartmented information classified systems.
Clearance Requirement:
Active Top-Secret clearance, with current SCI eligibility