Cyber Security Innovations (CSI) is seeking a Senior Zero Trust ISSO to join our team in support of our federal client located in Camp Springs, MD. The Information System Security Officer (ISSO) will have experience performing FISMA compliance for the federal government. They will be responsible for Security Authorization activities for CSI's client in accordance with National Institute of Standards and Technology (NIST) 800 series. A successful candidate will manage tasks related to the planning and preparation for security documentation related to the system authorization process. The individual should have extensive knowledge of cloud environments and FedRAMP processes. The individual should have a strong background in NIST 800-37, Risk Management Framework and NIST 800-53 security controls.

Responsibilities Include:

• Develop and update the information system security documentation for Zscaler / Zero Trust implementation and other systems (e.g., Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, etc.)
• Ensure systems are appropriately patched and hardened.
• Coordinate the remediation of Plan of Action and Milestones (POA&M) with various groups.
• Facilitate and support the Ongoing Authorization Program.
• Effectively communicate technical information to non-technical personnel.
• Conduct ISSO responsibilities to include the approval of change request, review of audit logs, review of system accounts, and analysis of vulnerability scans.
• Develop waivers & exceptions for information system vulnerabilities.
• Work with clients to develop capabilities briefings and presentations.
• Provide security recommendations to the Risk Management Branch Chief.

Required Skills and Qualifications:

• Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting.
• Must reside within a commutable distance to our client's location in Camp Springs, MD in order to work a hybrid onsite schedule (1-2 days / week onsite).
• Bachelor's degree in Information Systems / Information Technology, Computer Science, Computer Engineering, Electrical Engineering, related field, or technical degree, or 4 years of relevant experience.
• Minimum of 7 years of total work experience.
• 2 years of technical experience working with Zscaler or Zero Trust technologies and implementations.
• Must have at least one of the following certifications (required): CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA, Security .
• 7 years of experience in the following:
  • Design/implementation/consulting experience with Security, Compliance, and Risk Management.
  • US Government compliance and security standards, including NIST, FedRAMP, FISMA, ICD 503 and implementing security concepts / best practices.
  • Managing Certification and Accreditation and continuous monitoring activities utilizing common control frameworks.
  • Managing the security posture of cloud environments, and working with engineering teams to remediate, and communicating overall risk of environment while identifying areas of improvement.
  • Risk mitigation and selecting or designing appropriate security controls for implementation.
  • Coordinating, monitoring, and tracking security activities across multiple organizations.
  • Agile or DevOps methodologies for designing, developing, or delivering using appropriate automation techniques and tools.
  • Developing scripts/ dashboards.
  • CI/CD development pipelines (e.g., Jenkins, Ansible, Terraform).
  • Programming languages (e.g., Java, Python).
  • Container/ orchestration tools (e.g., Kubernetes, Docker, Puppet).
• Experience with:
  • Applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
  • Engineering/architecture for systems in the cloud; specifically, AWS, Azure and/or Google.
  • Working with core services, networking, security groups, or policy management in relation to Cloud resources across multiple operating systems.
  • Migrating or transforming legacy customer solutions to the cloud.
  • Advising customers on cloud architectures and designs meeting US Government accreditation standards.

Desired Skills and Experience:

• Extensive understanding of Cloud Computing technologies and migration challenges.
• Excellent oral and written communication skills for contact with customers via calls, chats, and email.
• Basic understanding of Zero Trust implementations.
• AWS, Azure, or Cloud Certification is Preferred.

Cyber Security Innovations (CSI) is an equal opportunity employer committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. As a veteran-friendly employer, we encourage military veterans to apply.

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. CSI makes hiring decisions based solely on qualifications, merit, and business needs at the time.

CSI participates in the E-Verify Employment Verification Program.