Information System Security Officer
Seeking an Information System Security Officer to join our team in downtown Washington, DC.
As a key participant in a cohesive Information Assurance (IA) and security engineering team, you will share responsibility for conducting STIG- and FISMA-compliant System Assessments and Authorization (SA&A) and for maintaining continuous Approval To Operate (ATO) for customer-built and -maintained applications supporting missions worldwide. Direct responsibilities will be based on your greatest strengths and interests. Our team culture also promotes individual mentorship and cybersecurity career-path growth in the latest information system technologies. Our team constantly seeks to provide smart and effective solutions backed by efficient team-built system architectures and team-documented, tested processes and procedures. Work is located in downtown Washington, D.C., with schedules somewhat flexible to accommodate family and commuting.
An active Top Secret clearance and a CISSP certification are required.
Perform Certification & Accreditation (C&A) and System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
Analyze vulnerability scan results for validation and root cause
Perform security system event analysis, investigation, and validation
Provide incident response to classification spills, malware infections, misconfiguration exposures, internal inappropriate behavior, and technical issues
Participate in Lifecycle Management (LCM) Technical Change Control Boards (TCCB) providing technical guidance for security control compliance
Perform Security Technical Implementation Guide (STIG) and Federal Information Security Management Act (FISMA) assessments and annual reporting
Perform security control assessments as part of Continuous Monitoring for NIST SP 800-53 V4 compliance sustainment across applications, infrastructure, and networks
Task, track, and mitigate Plan of Action & Milestones (POA&M) items for vulnerability scan and security assessment findings requiring mitigation
Privileged User Account Management and Role Based Access assignment
Privacy Threshold Assessment (PTA) and Privacy Impact Assessment (PIA) as part of Personal Identifiable Information (PII) Management
Maintain Change Management Plans (CMP), Incident Response Plans (IRP), Information System Contingency Plans (ISCP), and System Security Plans (SSP)
Prepare and conduct training, exercises, and functional testing of IRP and ISCP
Ideal Candidate: Candidates who are highly motivated, passionate about their IT security tradecraft, and looking to make a positive difference every day are best suited for this position. Candidates should possess a general understanding of, and basic experience across, all team roles and responsibilities, with a concentration of significant experience in at least 2-3 of the skill sets below.
Preferred Skill Sets:
BS degree in Computer Science or Information Technology (or 5 years' experience without a degree)
3-5 years system and application Certification & Accreditation (C&A), System Assessment & Authorization (SA&A), and/or Independent Validation and Verification (IV&V)
2-5 years security system monitoring, syslog and traffic analysis, and incident response
2-3 years developing and maintaining standard operating procedures and work instructions
2-3 years fulfilling Information System Security Representative (ISSR) role
2-3 years fulfilling Windows and/or Unix administrator role or support
Ability to take a CI polygraph examination is required
Designs, tests, and implements secure operating systems, networks, and security monitoring; handles tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessments at the network, system, and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations, and assists in security awareness programs. Involved in a wide range of security issues, including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates, and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with the IT security strategy. Prepares security reports for regulatory agencies. Audits and manages access management.
DESIRED QUALIFICATIONS: BS or equivalent + 5 years' related experience, or MS + 3 years' related experience