Mid-Level Information System Security Officer (ISSO)

ECS is seeking a Mid-Level Information System Security Officer (ISSO) to work remotely.

ECS Federal, LLC is seeking a highly qualified Mid-Level Information System Security Officer (ISSO) with an active Secret clearance to support our DoD client, located in Seaside, CA and Alexandria, VA. This position can be remote, but preferably in close proximately to the National Capital Region (NCR). The selected, highly motivated candidate will serve as the advisor to one or more Information System Owners, Business Process Owners, and Information System Security Manager (ISSM) on all matters, involving the security of an information system.

• Serve as a mid-level ISSO for one or more Boundary/System Owner and ISSM on all matters (technical or otherwise) involving the security
• Promote the DHRA/DMDC Risk Management Framework maturity
• ATO Program Owner Support
  • Act as a facilitator between Program and Product Owners and other Cybersecurity stakeholders for coordination of communication and activities within eMASS.
  • Advise program stakeholders on ATO requirements and identify any missing information in eMASS.
  • Explain non-compliant controls and propose solutions to stakeholders
  • Provide support for program teams on eMASS toolset usage, RMF policies, and additional cybersecurity topics, e.g., cATO, system network traffic diagrams, documenting PPSM, RMF control remediation, etc.
  • Support Program/Product Owner for their given assessments, validations, and audits with respect to eMASS access and clarifications.
• EMASS
  • Monitor RMF authorization status through eMASS and maintain and communicate a schedule of actions and timelines needed to obtain and sustain system/application authorization.
  • Create and maintain entries within eMASS instances for applications with required artifacts associated to the relevant Common Control Identifier (CCI) security controls. Artifacts will be provided by DHRA program, product, or project managers.
• STIGS
  • Develop STIG/Control crosswalk documentation to application functionalities to determine how those controls impact the app/system; upon mitigation then take the necessary supporting documentation and screenshots from program, product or project managers and update the associated controls and POAMs in eMASS
  • Utilize the assigned tool, such as eMASSTER to generate STIG results, and assigned actions for remediation. Other STIG tools may be applicable
• POA&Ms
  • Ensure POAM entries are kept current in eMASS and report on POAM statuses. Submit POAM workflow requests in eMASS for item closure or extension.
  • Coordinate with stakeholders to develop POA&M milestones, identify and allocate resources and determine the remediation schedule
• Align roadmaps, update eMASS timelines and POAMs, and coordinate communication with Cybersecurity Division.
• Identify efficiencies and employ available and approved procedures or templates for repeatable methods for any shared requirements across applications.
• Participate in Cyber Compliance Meetings as needed.
• Create presentations and metrics as requested. Create weekly, monthly, and in-progress review presentations, as needed

General Description of Benefits

• Must be a US citizen, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested
• Bachelor's degree in computer science, cybersecurity, information security, or similar discipline and 5 - 8 years of cybersecurity experience, in support of the DoD or other federal clients (education/experience substitution allowed)
• Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP CE, CISSP, Security
• Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls
• Display technical experience with conducting research and providing review recommendations of software and technologies
• Experience developing and managing POAMS in eMASS
• Experience with reviewing vulnerability scans and providing mitigation techniques
• Broad technical knowledge is required to review DISA Security Technical Implementation Guides (STIGs)
• Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
• Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
• Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk