Our client is looking for a ISSO with a salary between 130-160K. This position will be on-site in in Germantown, MD. If you are not interested but know of someone that may be, please pass this along.
Ideally candidates with already have a Secret or Top Secret clearance. Candidates must be receptive to a Drug test, Background investigation and DOE security processing.
Interview Process: Phone Interview, Onsite interview
Our client has an immediate job opportunity for an experienced Information System Security Officer (ISSO) located in Germantown, MD. The position requires the candidate to obtain a Top Secret security clearance. The selected candidate will provide ISSO SME support for an enterprise level federal IA (Information Assurance) program. The ISSO will collaborate with stakeholders, program managers and cyber operations teams to ensure information systems undergo thorough and ongoing risk based Assessment & Authorization (A&A). They will do so in accordance with agency defined security requirements using the NIST?s Risk Management Framework (RMF) and Cybersecurity Framework consistent with all statutory and policy requirements.
Five to Seven years of experience as an ISSO in a federal agency Extensive experience in developing NIST-compliant RMF documentation to support A&A processes.
Experience with OS administration of Windows and/or Unix/Linux variants Experience with GRC tools such as CSAM, RSAM, TAF or Xacta
Ability to work and lead in a diverse, matrixed team environment Ability to plan, coordinate, execute and track multiple projects simultaneously Skilled in verbal and written communication Skilled in presenting to groups such as classes, lectures Strong knowledge of NIST RMF (Risk Management Framework) and related federal security program disciplines Strong Knowledge of NIST Special Publications (e.g. 800-53, 800-60, 800-171) and Internal/Interagency reports (NISTIRs? e.g. NISTIR 8170) Knowledge of cloud computing service models (e.g. PaaS, IaaS, SaaS) as they relate to FEDRAMP authorization Knowledge of endpoint security tools such as McAfee, HBGary, BigFix, or ForeScout Knowledge of SCRM (Supply Chain Risk Management) Knowledge of Contingency, Disaster and Incident Response planning Knowledge of networksecurityarchitecture and management principles and practices Knowledge of vulnerability scanning and management tools such as Tenable, Qualsysguard, AppScan, WebInspect or Netsparker Skilled in performing cost/benefit analysis
Professional certifications such as CISSP, CISM, CASP, A+, Network+, ITIL, and various GIAC certifications Technical courses or certifications, such as CCNA, MCSA, MCSE, etc.