Smartronix, Inc., is an information technology and engineering solutions provider specializing in Cloud Computing, Cyber Security, Health IT, Network Operations, and Mission-Focused Engineering.

As the ISSO (Information Systems Security Officer) for Government systems, you would help develop, implement, review and evaluate Interconnection Security Agreements, Risk Assessments, System Security Plans, Plan of Actions and Milestones (POAM), Security Assessment Reports, System Requirements Traceability Matrix (SRTM), and Contingency Plans, as well as other documentation to satisfy Certification and Accreditation (C&A)/Assessment and Authorization (A&A) requirements in accordance with government policies and procedures. Other duties of the ISSO include:
- Develop DR (Disaster Recovery)/ BC (Business Continuity)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
- Manage Information Security Audits by federal departments/agencies, including third party auditors.
- Achieve and maintain ATO (Authority To Operate), as required.
- Conduct periodic reviews to ensure compliance with established policies and procedures, ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures. Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures.
- Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents.
- Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements. Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies.
The ISSO would also maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches. Interface with appropriate government agencies, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.
- Experience with security tools (Nessus, HBSS, ACAS).
- Perform scans, review the results, and write necessary reports and plans.
- Knowledge of DOD applicable STIGs.
- Knowledge of Windows and Linux Operating Systems.
- Experience with the RMF and PIT processes.
- Experience with ACAS, SCAP Scanners.
- OS Hardening.
- Strong written and oral communication skills.
- Familiarity with Excel, Word, Visio and PowerPoint.
- Security+ and one of the following: CISSP, CISM or GSLC required.
- 7+ years of relevant experience with C&A / A&A.
- Undergraduate degree in Computer Science, Engineering, or related field, or equivalent experience.
- 6 years' experience in lieu of degree required.