Information System Security Officer / ISSO

NXTKEY CORPORATION

$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • B.A. or B.S. in Computer Science or a related field required
  • Proven experience in system authorizations and configuration management
  • Skills in creating or modifying information security documentation
  • Experience with testing and documenting information security controls aligned with NIST SP 800-53
  • Active Public Trust clearance, adjudicated within the past 5 years
  • Prior involvement in US Federal Government projects essential

Responsibilities

  • Perform Certification & Accreditation and System Assessment & Authorization under NIST SP 800-37 Risk Management Framework
  • Prepare and conduct Vulnerability Scanning tests using tools like Nessus and WebInspect
  • Evaluate security control compliance of information systems with federal requirements
  • Manage risks associated with assigned information systems throughout their lifecycle
  • Coordinate with the Cybersecurity Unit to ensure compliance and maintain Authorization to Operate
  • Conduct annual assessments for compliance with client policies and standards
  • Serve on the Configuration Control Board to assure documentation of Cybersecurity configurations

Benefits

  • Opportunity to work within the federal sector, enhancing governmental cybersecurity efforts
  • Collaborative team environment focused on adhering to industry best practices
  • Involvement with cutting-edge security technologies and tools
  • Potential career development through internal Standard Operating Procedures enhancements
  • A role that directly influences and ensures the security and compliance of vital information systems
Full Job Description
Information System Security Officer / ISSO duties include: • Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation • Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications • Evaluation of the assigned information systems' security control compliance with the federal requirements and the client's monitoring strategy • Management of emerging and defined risks associated with the administration and use of assigned information systems • Coordination with the client's Cybersecurity Unit to achieve and maintain the information systems' compliance and authorization to operate (ATO) • Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package • Performing annual assessments to ensure compliance with the client's policies and standards • Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented • Ensuring information system security requirement are addressed during all phases of information systems lifecycle • Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance of DOJ and component policies • Generate and interpret documentation needed to address the items detailed within the GRC tool • Work within a team environment to provide technically sound guidance order to adhere to the cybersecurity industry best practices and the client's monitoring strategy • Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required • Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client's information system monitoring strategy • Support the integration/testing, operations, and maintenance of systems security • Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions • Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures • Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities • Provides system operation support, administers hardware and software inventory Required Skills • B.A. or B.S. in Computer Science or a related field • System authorizations and configuration management • Experience creating or modifying information security documentation • Experience testing and documenting information security controls (NIST SP 800-53) Additional Information Active Public Trust clearance, adjudicated within past 5 years. Must have worked on US Federal Government Projects.

Similar Jobs

More Information Technology Jobs

Find similar Information System Security Officer / ISSO jobs: