TMR, Inc. seeks a Top Secret cleared Junior Information Systems Security Officer (ISSO) to support a highly complex federal program. The Junior ISSO shall be responsible for the technical cybersecurity efforts in coordination with the Lead ISSO(s) and provides direct support to the Compliance Branch Lead. The Cybersecurity ISSO shall be the point of contact for the Cybersecurity Division in supporting all technical cybersecurity matters as they relate to quantifying technical risk within the agency.
- Ability to manage projects and work multiple large projects
- Contributes to the development of new ideas and methods related specifically to cyber security
- Ability to work on complex cyber security problems/projects
- Exercises independent judgement within broadly defined policies and practices
- Demonstrated experience in implementing various information technology solutions and securing complex enterprise environments
- Independently develop Assessment & Authorization (A&A) packages (Risk Assessment, SSP, and Information Technology Contingency Plans)
- Conduct all steps of the National Institute of Standards and Technology (NIST) Risk Management Framework
- Provide expert advice to developers, administrators, and others during system development lifecycle
- Assist in the Security Control Assessment (SCA) process, set and maintain schedules and ISSO checklists, improve security controls and enhance system security, and develop Security Impact Assessments
- Manage Plans of Action & Milestones (POA&M) and assist with remediation.
- Conduct and review vulnerability scans (Nessus, WebInspect, IP360), make recommendations to senior leadership
- Act as the main POC expert for all security related matters for assigned systems
- Proactively monitor CERT and similar organizations for potential vulnerabilities that could impact assigned systems and develop mitigation plans
- Must have over 7 years of experience for the Agency's most complex systems with experience leading cybersecurity engineering efforts
- Extensive experience developing A&A packages, FISMA and NIST
- Superior communication skills
- Thorough knowledge of, and experience with, the NIST 800 series publications to include: 800-30, 800-37, 800-53 and 800-53a or similar standards
- Previous experience creating all necessary Certification and Accreditation (C&A) documentation.
- Minimum of 3 years demonstrated experience with Enterprise Network devices (i.e. routers, switches, firewalls).
- Minimum of 3 years demonstrated experience with Operating platforms (i.e. UNIX, Solaris, and Microsoft) and others as required.
- 3 years of ISSO experience
- Experience effectively managing multiple tasks simultaneously; coordinating and ensuring scheduled goals are met
- Ability to mentor and lead junior staff
- Take ownership of system security and meeting deadlines
- Guide engineers, analysts and managers on related programs
- Experience with Nessus, WebInspect, IP360 or similar tools
- Must meet Information Assurance Technician (IAT) Level III compliance
- Active Top Secret/Sensitive Compartmented Information clearance
Work Core Hours:
- Eight-hour workday, during the workweek: 8:00 am – 5:00 pm ET, Monday through Friday