ISSO Cloud SME

Job Description


The ISSO Cloud SME is responsible for ensuring that the appropriate operational security posture is maintained for an information system and, as such, works in close collaboration with the ISSM, ISO, ASO and SSO. The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. This also includes physical and environmental protection, personnel security, incident handling, and security training and awareness.


Performance Shall Include

  • Provides Cloud Computing Migration Assessment and Accreditation (A&A) services for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRAMP) compliant criteria.

  • Works closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented.

  • Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.

  • Notify the ISSM when changes occur that might affect the authorization determination of the information system(s).

  • Conduct periodic reviews of information systems to ensure compliance with the security authorization package.

  • Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change.

  • Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.

  • Ensure all IS security-related documentation is current and accessible to properly authorized individuals.

  • Ensure audit records are collected, reviewed, and documented (to include any anomalies).

  • Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties.

  • Execute the cyber security portion of the self-inspection, to include providing security coordination and review of all system assessment plans.

  • Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them.

  • Prepare reports on the status of security safeguards applied to computer systems.

  • Perform ISSO duties in support of in-house and external customers.

  • Conduct security impact analysis activities and provide to the ISSM on all configuration management changes to the authorization boundaries.

  • Provides Cloud Security Architecture and Compliance expertise.

  • Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.

  • Reviews and continuously monitors implemented security controls.

  • Creates and maintains security checklists, templates and other tools to aid in the A&A process.

  • Performs risk analyses to determine and recommend essential safeguards. Proactively mitigates system vulnerabilities and recommends compensating controls.

  • Prepares security authorization packages in accordance with the client contractual requirements.

  • Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.

  • Monitors and maintains client-specific Plan of Action and Milestones and supports remediation activities.

  • Monitors and maintains an inventory of hardware and software for the information system.

  • Monitors and develops, tests and trains on Contingency and Incident Response planning.

Experience

  • 7+ years related experience

  • Prior performance in roles such as System, Network Administrator or ISSO

  • Hands-on experience with eMASS; must know RMF/NIST SP 800-53 Rev. 4/5 controls and CCI remediation/mitigation

Education

  • Bachelor’s degree or equivalent experience (4 years)

Certifications

  • CompTIA Security+ CE

  • CPTE - Certified Penetration Testing Engineer

  • CEH - Certified Ethical Hacker

Security Clearance

  • Current Secret Clearance

Job Type

  • Full-time

Benefits

  • 401(k)

  • 401(k) matching

  • Dental insurance

  • Flexible spending account

  • Health insurance

  • Life insurance

  • Paid time off

  • Tuition reimbursement

  • Vision insurance

Schedule

  • 8 hour shift

Application Question(s)

  • What is your desired salary range?

Experience

  • ISSO Cloud SME: 7 years (Preferred)

License/Certification

  • CISSP (Preferred)

  • Certified Information Systems Auditor (Preferred)

  • CompTIA Security+ (Preferred)

  • CEH (Preferred)

Security Clearance

  • Secret (Required)

Work Location

  • Remote