Secret Cleared Senior ISSO in Washington, DC

Industry: Business Services

15+ years

Posted 8 weeks ago

Responsibilities


  • Produce error-free government IT system Security Authorization (SA) Packages.
  • Perform independent compliance reviews, tracking, and continuous monitoring of newly submitted SA packages.
  • Draft, submit and manage IT system Plan of Action and Milestones (POA&M).
  • Advise and assist the Government System Owner (SO) with the Lifecycle SA process and develop a Systems Security Plan (SSP).
  • Monitor and track projects in the SA test queue.
  • Maintain and manage a document repository where SA project documentation is stored (i.e. XACTA).
  • Work closely and act as the system liaison with developers to identify the appropriate certification/approval processes and authorities.
  • Record/register actions concerning project approvals to operate in the SA database.
  • Read and analyze SSPs and translate an understanding of the systems and applications into security test plans.
  • Coordinate and lead SA actions and system testing with appropriate security personnel.
  • Prepare and review error-free Vulnerability Remediation Plans (RP).
  • Take the lead in assembling and submitting SA packages to the Principal Accreditation Authority/Designated Accreditation Authority (DAA) that include, but are not limited to: SSP, RP, Contingency Plan (CP), Contingency Plan Test (CPT), Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), etc.
  • Review IA Compliance Validation Tests and Reports.
  • Act as SA project register, managing the SA registration process.
  • Perform as a Security Consultant to the assigned Government Program/System.
  • Establish and maintain positive working relationships with all government IT System Stakeholders.
  • Act as a leader and mentor to junior ISSO team members.

Required Qualifications

  • 15+ years of experience in Information Security, with a concentration on SA and ISSO responsibilities as they apply to the US Government, or 8+ years and a Master's degree in Cyber Security.
  • Extensive experience developing A&A packages and working with FISMA and National Institute of Standards and Technology (NIST) requirements.
  • Active Secret level security clearance (no current/open/ongoing re-investigations).
  • At least one Cyber Security Certification (e.g. Security+, CISSP, CISM, etc.).
  • Must possess demonstrated experience in all phases of preparing and reviewing complete Security Authorization (SA) packages for information technology systems and/or applications as defined by the Federal Information Security Management Act of 2002 (FISMA) and implemented by NIST guidance.
  • Experience with Nessus, WebInspect, IP360 or similar scan tools.
  • Be able to communicate effectively through written and verbal means to co-workers and government senior leadership.
  • Be able to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals and milestones are met.
  • Be prepared to take full responsibility for the performance of IA Compliance Validation Tests, reports, and tracking.
  • Be prepared to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessments/mitigation approaches.
  • Be able to work well with collateral engineers, analysts and managers on related programs.
  • Be able to conduct effective and error-free vulnerability assessments of networked and stand-alone information systems to the extent of conclusively validating all technical controls found within NIST SP 800-53.
  • Take full ownership of system security and meeting program/system deadlines.
  • Be prepared to assume a leadership role and assist the onsite PM in the day-to-day management of the ISSO team.
  • Ability to mentor junior staff.

Desired Qualifications


  • Possess an advanced Cyber Security Certification (CISSP, CISM, CASP).
  • Possess a B.A. or B.S. degree in related field.
  • Ability to act as a trusted consultant and offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessment/mitigation approaches.
  • Extensive knowledge of DHS security requirements (i.e. DHS 4300).
  • Be a Subject Matter Expert (SME) in the fields of NIST publications, FISMA requirements and reporting, privacy data identification and handling, security engineering, certification and accreditation (C&A) procedures, security architecture, vulnerability assessments, computer forensics, computer network defense, and policy development.
  • Team eGT's ideal candidate is a cyber leader who will thrive in a fast-paced environment that demands accountability from each team member.