Jan 24
Top Secret/SCI
Mid Level Career (5+ yrs experience)
CI Polygraph
IT - Security
Washington, DC (On/Off-Site)
cFocus Software is seeking a Senior ISSO to join our program located in Washington, DC / JBAB. This position requires an Active TS/SCI CI Poly.
Job Description:
Lead the RMF process for assigned Cross Domain appliances withing DIA Enterprise networks.
Maintain and report system’s Assessment & Authorization (A&A) status and events.
Manage the System Security Plan (SSP) for assigned Cross Domain systems throughout their lifecycle.
Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
Ability to understand Service Central to monitor project requests required to initiate new change requests.
Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved.
Assist with identification of the security control baseline set and any applicable overlays.
Ability to communicate relevant changes to the Security Control Assessor (SCA)
Assemble the Security Authorization Package and submit for adjudication.
Register and maintain the system in XACTA.
Plan and perform cybersecurity testing to assess security controls and recording security control compliance status during sustainment.
Report changes in the security posture of systems to the Authorizing Official (AO).
Utilize the Collaboration Board in XACTA workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
Assist the ISSMs in executing their duties and responsibilities.
Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access.
Ensure an incident response, business continuity, disaster recovery, as well as vulnerability and threat reporting plans and channels are in place and that team members are trained accordingly.
Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals.
Utilize the Collaboration Board in the XACTA workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
Requirements:
TS/SCI w Counter Intelligence Polygraph required
Must meet DoD 8570/8140 Certifications (i.e. IAM Level II/III or IAT II/III).
Well versed with using vulnerability assessment tools (ACAS, NESSUS, etc.) and analyzing the results generated from these assessments.
Demonstrated experience writing information system security control documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).
Knowledge of Risk Management Framework (RMF) information security engineering, design concepts and principles.
Support annual assessments in accordance with guidance in the DIA Enterprise standards.
Basic understanding of VMware.
Ability to use MS Office, Analytical and Critical Thinking Skills,
Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates;
Respond to emerging requirements or policies as set by legislation, regulation or policy;
Experience supporting systems hosted in Cloud environments.
Conduct Contingency Plan tests at least annually and updating the plan;
Maintain knowledge of inventory in accreditation boundary;
Oral and written communication skills;
Interpersonal and People Skills.
Job Description:
Lead the RMF process for assigned Cross Domain appliances withing DIA Enterprise networks.
Maintain and report system’s Assessment & Authorization (A&A) status and events.
Manage the System Security Plan (SSP) for assigned Cross Domain systems throughout their lifecycle.
Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
Ability to understand Service Central to monitor project requests required to initiate new change requests.
Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved.
Assist with identification of the security control baseline set and any applicable overlays.
Ability to communicate relevant changes to the Security Control Assessor (SCA)
Assemble the Security Authorization Package and submit for adjudication.
Register and maintain the system in XACTA.
Plan and perform cybersecurity testing to assess security controls and recording security control compliance status during sustainment.
Report changes in the security posture of systems to the Authorizing Official (AO).
Utilize the Collaboration Board in XACTA workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
Assist the ISSMs in executing their duties and responsibilities.
Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access.
Ensure an incident response, business continuity, disaster recovery, as well as vulnerability and threat reporting plans and channels are in place and that team members are trained accordingly.
Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals.
Utilize the Collaboration Board in the XACTA workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
Requirements:
TS/SCI w Counter Intelligence Polygraph required
Must meet DoD 8570/8140 Certifications (i.e. IAM Level II/III or IAT II/III).
Well versed with using vulnerability assessment tools (ACAS, NESSUS, etc.) and analyzing the results generated from these assessments.
Demonstrated experience writing information system security control documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).
Knowledge of Risk Management Framework (RMF) information security engineering, design concepts and principles.
Support annual assessments in accordance with guidance in the DIA Enterprise standards.
Basic understanding of VMware.
Ability to use MS Office, Analytical and Critical Thinking Skills,
Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates;
Respond to emerging requirements or policies as set by legislation, regulation or policy;
Experience supporting systems hosted in Cloud environments.
Conduct Contingency Plan tests at least annually and updating the plan;
Maintain knowledge of inventory in accreditation boundary;
Oral and written communication skills;
Interpersonal and People Skills.
group id: 10339625
