Full Time Employee Contractor
APPLICANTS SELECTED WILL BE SUBJECT TO A GOVERNMENT SECURITY INVESTIGATION AND MUST MEET ELIGIBILITY REQUIREMENTS FOR ACCESS TO CLASSIFIED INFORMATION. TOP SECRET CLEARANCE, CLEARABLE TO SCI IS REQUIRED WITH THE ABILITY TO GET DHS EOD.
ROLE AND RESPONSIBILITIES:
1. Must develop and implement documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities;
2. Assist in the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance;
3. Participate in the development or revision of System-specific security safeguards and local operating procedures that are based on the above regulations;
4. Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans;
5. Provide expertise in classified and unclassified ratings to customers.
6. Work closely with Risk Analysts/Assessors to navigate the Security Authorization process and produce all appropriate accreditation documentation.
7. Attend ISSO training course as required.
8. Perform interpretations of monthly vulnerability scan results of assigned systems.
9. Shall be able to manage security authorization and continuous monitoring requirements for single or multiple systems depending on the size and complexity.
10. Work closely with various engineering teams to integrate new applications for the enterprise and resolve Plans of Action & Milestones (POA&Ms).
High profile, dynamic work environment supporting the front lines of our Homeland Security. Ability to work closely with and be a member of a team of senior information security professionals while gaining valuable information security experience.
QUALIFICATIONS AND EDUCATION/CERTIFICATION REQUIREMENTS:
The ISSO is the principal point of contact for information assurance activities at the IT system level. The ISSO is responsible for ensuring that management, operational, and technical controls for securing either National Security Systems or SBU level IT Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. Must possess working knowledge of and experience with CNSS 1253, DCID 6/3 (with Protection Levels 1 - 5), ICD 503, ICS 500-8, DoDIIS, JDCSISSS, and other applicable IC information systems security authorization policies. Ideal candidate will have knowledge of Federal and DoD security-related guidance, including: DHS 4300A, DHS 4300B, DHS 4300C, DoDD 8500.01, DoDI 8500.2, DIACAP, etc. Must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues. Must have excellent communications, teamwork, leadership and conflict management skills.
It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications. Candidates must possess a Bachelor's Degree and 3-5 years or 4-6 years of relevant IA experience with no degree. Must possess experience with NIST standards. Candidates must possess experience interpreting vulnerability scanning results and working with and reviewing/analyzing audit logs, identifying anomalies and making risk-based decisions/recommendations.
Technical knowledge of Windows, Linux, Oracle database, cloud. Experience with FedRAMP, Ongoing Authorization, Security Authorization, POA&M management, Patch Management, FISMA Scorecard reporting, Continuous Monitoring reporting, IACS/XACTA.