Today
Secret
Senior Level Career (10+ yrs experience)
No Traveling
IT - Security
Sr. Information System Security Officer (ISSO)
Location: Remote
Clearance Requirements: US Citizenship required; Secret or Top Secret preferred
About Amplify…
At Amplify Federal, we believe that our country’s future will be determined by our ability to drive technology innovation quickly, ethically, and at scale – and we are eager to play our part in ushering in a better tomorrow. Our mission is to advance the pace of technology modernization across Federal IT by building teams that are values-based, customer-obsessed, and outcome-oriented.
The Project…
The Sr. ISSO will support Amplify Federal’s work on the MEGA 5 - a seven (7) year program with the U.S. Department of Justice (DOJ) for purposes of providing information technology and automated litigation support services to DOJ offices, boards, and divisions as well as other federal government agencies.
Our team’s work has a direct impact on the effectiveness of DOJ litigation efforts, as it greatly enhances the ability of the litigation team to manage large, data-rich cases and to derive meaningful outcomes on behalf of American citizens.
The DOJ’s litigation support technology stack is both comprehensive and state-of-the-art. Providing security to these systems is of critical importance.
Job Description:
The Sr. ISSO is a “hands-on” position responsible for conducting structured security certification and accreditation activities utilizing the Risk Management Framework (RMF) and in compliance with the Federal Information Security Management Act (FISMA) requirements. As a member of the Security Team, you will lead the review of technical, management and operational Security Controls in accordance with the National Institute of Standards and Technology (NIST) to ensure the completeness and effectiveness of the IT system’s information technology and security solutions.
In this role, you will be responsible for:
• Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon DOJ, FBI, and NIST
• Ensuring all Information Systems (IS) are operated, maintained, and disposed of in accordance with security policies and NIST publication series NIST 800-53
• Initiate protective and corrective measures when a security incident or vulnerability is discovered
• Monitor system recovery processes and ensure the proper restoration of an IS’s security features
• Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
• Support certification activities throughout the ISSA process (previously known as Certification and Accreditation process)
• Manages ATO artifacts, documentation and provides updates within the DOJ Cyber Security Assessment Management System (CSAM)
• Establish audit trails and ensure their review, and make them available, when required, to the Chief Information Security Officer (CISO) or the Information System Security Manager (ISSM)
• Retain audit logs in accordance with Department of Justice (DOJ) policy
• Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
• Ensure general users and privileged users are trained in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
• Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators
• Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP)
• Support risk assessment and evaluation activities throughout the Assessment & Authorization (A&A) (formerly Certification and Accreditation (C&A))
• Establish audit trails, ensuring their review and reporting all identified security findings
• Manages changes to system and assesses the security impact of those changes
• Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM)
• Supports security authorization activities in compliance with Risk Management Framework (RMF)
• Obtain Approval to Operate (ATO) for systems
• Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information
• Provide immediate response to all reported MSSP CI’s and other reported incidents in accordance with PAE’s incident response and ITS incident handling procedures
• On occasion, work extended hours (other than normal business hours) to support contractual requirements to meet customer needs
The successful Senior Information Systems Security Officer must have:
• Bachelor's in Computer Science, Information Systems or related field and 6-8 years of demonstrated results, or equivalent experience with a concentration on C&A as it applies to the US Government.
• Prior ISSO or ISSM experience is required.
• Experience with the NIST/FISMA regulatory and compliance requirements.
• Experience with DOJ Cyber Security Assessment Management System (CSAM).
• Knowledge of the federal security authorization (formerly known as Certification and Accreditation or C&A) process to include key activities and milestones required throughout each phase of the security authorization lifecycle.
• Be able to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals are met
• Industry-specific certifications, including one or more of the following: CISSP, CISA, CISM, SANS, CEH.
• Experience with DOJ, DISA, NSA, DSS and DoD IA standards and Certification and Accreditation (C&A) processes.
• Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC). Knowledge of Information Assurance Vulnerability Alerts (IAVAs).
• Must be customer focused and possess the ability to identify issues, analyze, and interpret data and develop solutions to a variety of moderately complex technical problems.
• Ability to represent the organization as a knowledgeable resource on external projects while demonstrating a strong analytical, verbal and written communication skill set to accurately document, report, and present findings.
• Hands-on IT technical experience working with networking and computing environments.
• Experience using vulnerability assessment tools/platforms such as Acunetix, Nessus, ACAS, Qualys, Nexpose, along with centralized logging and penetration testing.
• Strong experience with documenting test environments, requirements, results and POAM resolution.