ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking Information System Security Officer's (ISSO) who has experience working with both Agile and Waterfall System Development Lifecycles (SDLC’s) and integrating RMF process into a Federal Information System. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

Roles and Responsibilities

Responsible for supporting Senior Information System Security Officers (ISSOs) with the following:

• Developing and maintaining System Security Plans (SSP).
• Implementing and managing NIST 800-53 Rev. 5 or laterSecurity Controls.
• Supporting the SA&A process.
• Supporting Continuous Monitoring activities.
• Managing POA&Ms and developing remediation strategies.
• Aligning systems activities to the NIST Cyber Security Framework (CSF).
• Supporting the incident response process.
• Identifying and supporting system Interconnection Security requirements.
• Supporting audit logging review and remediation activities.
• Providing OMB FISMA data.
• Developing and documenting incident reporting procedures for service desk, admins,and security staff for incidents.

Required Skills

Must have a good understanding of SDLC and RMF Process including:

• Experienceadvising government program managers on security testing methodologies and processes
• Experience performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response
• Experience evaluating certification documentation and providing written recommendations for accreditation to government PMs
• Experience reviewing system security to accommodate changes to policy or technology
• Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed
• Experience advising the government concerning the impact levels for Confidentiality,
• Integrity, and Availability for the information on a system
• Experience conducting certification tests that include verification that the features and assurances required for each protection level are in place
• Experience with conducting and coordinating IS security inspections, tests, and reviews
• Experience assessing changes in the system, its environment, and operational needs that could affect the accreditation
• Experience preparing the finalSAR containing the results and findings from the assessment
• Experience with Initiating a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
• Experience performing risk assessments and making recommendations to customers

Certification Requirement

• At least one of the following computer security certifications : CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent

Education Requirement

• Preferred Education : Bachelors of Science degree preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience

Years of Experience Requirement

• 5- 7 years of experience

Location

• Washington, D.C (Remote available)

Security Clearance

• Active Secret clearance is required