Full Job Description
Information System Security Officer / ISSO duties include:
• Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
• Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
• Evaluation of the assigned information systems' security control compliance with the federal requirements and the client's monitoring strategy
• Management of emerging and defined risks associated with the administration and use of assigned information systems
• Coordination with the client's Cybersecurity Unit to achieve and maintain the information systems' compliance and authorization to operate (ATO)
• Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package
• Performing annual assessments to ensure compliance with the client's policies and standards
• Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented
• Ensuring information system security requirement are addressed during all phases of information systems lifecycle
• Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance of DOJ and component policies
• Generate and interpret documentation needed to address the items detailed within the GRC tool
• Work within a team environment to provide technically sound guidance order to adhere to the cybersecurity industry best practices and the client's monitoring strategy
• Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required
• Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client's information system monitoring strategy
• Support the integration/testing, operations, and maintenance of systems security
• Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions
• Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures
• Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities
• Provides system operation support, administers hardware and software inventory
Required Skills
• B.A. or B.S. in Computer Science or a related field
• System authorizations and configuration management
• Experience creating or modifying information security documentation
• Experience testing and documenting information security controls (NIST SP 800-53)
Additional Information
Active Public Trust clearance, adjudicated within past 5 years.
Must have worked on US Federal Government Projects.