What are the responsibilities and job description for the Sr. Security Specialist position at Conviso Inc.?
Sr. Security Specialist (ISSO)
Full-time
Location: Washington, DC - (onsite 5x per week)
Clearance Level: Top Secret/SCI
Required Skills:
- Cyber Assessment: Intermediate
- Cyber Governance and Policies: Intermediate
- Cyber Security: Intermediate
- Cyber Strategy: Intermediate
- NIST Risk Management Framework: Intermediate
Responsibilities:
- Individual will be interacting with key Subject Matter Experts (SMEs) and Government Stakeholders while assisting other junior ISSOs.
- Manage and support the creation, monitoring, and updating of the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates.
- Support the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks.
- Manage and support the review, creation and update of security authorization documents as needed, but at least annually, in the government’s A&A tools.
- Support Contingency Plan tests at least annually and update the plan.
- Support system self-assessments as part of an Ongoing Authorization program.
- Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management.
- Maintain and manage the knowledge of inventory in the accreditation boundary.
- Support the planning of Assessment and Authorization for their assigned information system or information systems.
- Ensure Configuration Management processes are followed so that any changes do not introduce new security risks, and attend the Change Control Boards.
- Respond to current and emerging requirements.
- Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.
- Manage and assist in duties articulated in the ISSO checklist (i.e. classified spill cleanup, audit log review, maintaining Privileged User and Physical access lists, etc.).
- Strong experience in the RMF process.
- Ad hoc duties assigned by ISSM.
Expected Deliverables:
ATO documentation for systems going through the authorization process.
Education:
A Bachelor’s degree from an accredited university in a field such as information systems, computer science, engineering, Management Information Systems or a related technical field.