At Evanhoe & Associates, we’re looking for outstanding professionals who share our commitment to quality, integrity, and service, and we work hard to cultivate a safe and rewarding workplace where you will thrive.

Summary:

Evanhoe and Associates is seeking a Senior Information Systems Security Officer (ISSO) to work in Washington, D.C. near the Navy Yard Metro station.

Evanhoe is seeking a Senior ISSO with experience as a DHS ISSO and ten to 12 years of information security management expertise in the DHS, DoD, and/or DOE environments. You must have advanced knowledge of network security concepts and best practices with a thorough knowledge of FISMA, NIST Risk Management Framework, and DITSCAP / DIACAP.

Job Duties and Responsibilities:

As Evanhoe’s Senior ISSO, you will manage the vulnerability mitigation and information security processes of a major Federal Department with a National Security mission. Primary responsibilities include:

• Produce actionable, risk-based reports on security assessment results
• Manage, train, and mentor junior team members
• Assist with vulnerability remediation when necessary
• Develop and maintain security plans and security testing plans
• Deliver expected results based on appropriate FISMA score category targets across seven of 11 security automation domains for Continuous Monitoring of system risk
• Direct Recertification & Accreditation activities for four classified IP-based networks and assist with managing the schedule to completion (ATO)
• Manage the security of information system assets and the protection of systems from intentional or inadvertent access or destruction
• Identify potential successful and/or unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event details and summary information
• Perform preliminary forensic evaluations of internal systems
• Work with stakeholders to understand their security needs and oversee the development and implementation of procedures to accommodate them
• Ensure that the user community understands and adheres to necessary procedures to maintain security
• Weigh business needs against security concerns and articulate issues to management and/or stakeholders
• Provide guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation
• Participate in special projects as required

Necessary Skills and Knowledge:

• Advanced knowledge of network security concepts and best practices including FISMA/NIST RMF and DITSCAP/DIACAP
• Experience managing vulnerability mitigation and information security processes in an enterprise environment
• Proven ability to lead customer-facing reporting and negotiation activities
• Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
• Ability to manage vendor relationships and track externally dependent patching activities

Minimum Qualifications:

• Possess 10 years of hands-on information security management experience in the DHS, DoD, and/or DOE environments – with some DHS ISSO experience mandatory.
• Possess an active Top Secret clearance as well as the ability to pass the DHS background investigation
• Possess a Bachelor’s degree in a relevant field or the equivalent combination of education, military service, professional training, and/or work experience required.
• Possess a CISSP certification or an equivalent (IAM Level II) or greater certification.
• Strong hands-on knowledge of Windows client/server; *NIX systems; VMWare; networking; VTC/ VoIP; device firmware; web/application servers; databases; and network architectures
• Broad understanding of all aspects of IT and enterprise systems interoperability (OSI Model; SDLC; ITIL; etc.)