Our organization is seeking an experienced Senior Information Systems Security Officer (ISSO) to help protect our client’s data from unauthorized access. We are a Women-Owned Small Business (WOSB) located in Chantilly, VA. This role is onsite in Scottsdale, AZ. This role will require experience in supporting the initial delivery and authorization of major DoD systems on-prem and in commercial cloud. Our ideal candidate is a CISSP, or CISM with 5-10 years of experience in information technology or cybersecurity.
This will include knowledge of DoD physical and environmental protection, personnel security, incident handling, and security training and awareness. It will be required to work in close coordination with the ISSM, System Owner, and DoD Authorizing Officials. This will include, but not limited to, developing and updating the system authorization documentation, support for sustained cybersecurity, and implementing configuration management across authorization boundaries. You will also be expected to assist the ISSM in the performance of their daily activities to include assessing and addressing security anomalies and adversary actions, proving recommendations and coordination of changes.
In this role, you will:
Work in close collaboration with the client Information System Security Manager (ISSM), Information System Owner (ISO), and DoD Authorizing Official team.
Create and maintain existing information system security documentation, including SSP, SCTM, and Risk Management Framework (RMF) Body of Evidence
Ensure the appropriate operational security posture is maintained for assigned information systems.
Prepare system documentation for assessment in accordance with RMF and NIST Special Publications (800-37, 800-53, and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance.
Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package.
Work with the Cyber Security team to perform basic system administration and maintain various Cyber Security tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities.
Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes.
Conduct daily, weekly, and monthly audit review and management of the audit collection system for assigned systems, boundaries, and components.
Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment.
Communicate well, both verbally and in writing, with both government and industry audiences
DoD 8570.1 / DoD 8140.01 certification (IAT Level II, IAM level II, IASAE LevelII)
Bachelor’s degree (preferably in IT, Cyber Security, Computer Science, Information Systems Management, Engineering, or similar field of study)and have 4+ years’ experience with information networks and related security concerns; or a master's degree with 2+ years’ experience.
Strong background and extensive experience with RMF, ICD 503, NISTSP800-53, JSIG or DJSIG
Knowledge of current authorization practices, particularly within the DoD.
Experience with security efforts related to modern Windows, Cloud computing, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing.
Experience implementing and using various Cyber Security tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and endpoint protection.
Security Clearance Requirements:
Must hold a minimum Secret clearance
Flexible spending account
Health savings account
Paid time off