District of Columbia
SAIC is seeking a ISSO Security professional for a Civilian contract. The Information Systems Security Officer oversees secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Oversee threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff.
Bachelor’s degree and fourteen (14) years or more relevant experience; Masters and twelve (12) years or more relevant experience.
At a minimum, 5 years in a Security management position
Experience developing and revising system-specific security safeguards and local operating procedures that are based on relevant guidelines and regulations.
Experience with NIST SP 800-37, Rev 1.0, NIST SP 800-53 Rev 4, NIST SP 800-137 and FedRAMP requirements and providing guidance to project teams on those guidelines and regulations.
Significant experience producing Information Security Documentations such as Systems Security Plans and developing and maintaining documentation outlining system operating environments (overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities) for systems which they are responsible.
Experience developing, supporting and providing security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, contingency plans and reports.
Experience coordinating and conducting regular system security audits in support of compliance with the overall System Security Plan to maintain Authority to Operate status.
Experience briefing technical vulnerabilities, system non-compliance with Information Security policies, and security incidents to project teams and executive level management.
Project Management Professional Cortication (PMP)
ITIL Foundations Certification
Uptime Institute AOS Certification