We are looking for an Information System Security Officer (ISSO) to join our team on an upcoming cyber security program supporting our federal client. The ISSO will perform risk management services for several security boundaries to include FedRAMP cloud hosted applications.

Responsibilities Include:

• Be knowledgeable of Federal, Departmental, and security regulations when developing functional and technical requirements; serve as a POC for Information System with security issues.
• Prepare and update reports to ensure that the unit complies with mandated internal and external security reporting requirements, including Federal Information Security Modernization Act (FISMA) and CPIC.
• Coordinate security program and system elements with the agency IT Program Managers by evaluating system environments for security requirements and controls including IT Security Architecture, hardware, software, telecommunications, security trends, and associated threats and vulnerabilities.
• Manage security controls to ensure confidentiality, integrity, and availability of information.
• Build security into the system development process and define security specifications to Support the acquisition of new systems.
• Review and sign off on system procurement requests to ensure that security has been considered and included.
• Adhere to and implement system security controls that ensure the protection of Sensitive but Unclassified (SBU) information using authentication techniques, encryption, firewalls, and access controls.
• Complete self-assessments.
• Assist in the A&A process.
• Update to the SSP for the program.
• Serve as a key advisor in risk assessments of all systems and mitigate vulnerabilities.
• Adhere to Continuous Monitoring practices to ensure that security controls are maintained over the life of IT systems.
• Update the electronic agency inventory for all agency computing devices.
• Assist the System Owner in the development, testing and maintenance of contingency plans, backup, and storage procedures.
• Document all procedures according to departmental standards.
• Audit and monitor application, system and security logs for security threats, vulnerabilities, and suspicious activities; report suspicious activities to the agency CIRC coordinator.
• Monitor and coordinate patch management and scanning techniques for all unit systems; participate in identification and mitigation of all system vulnerabilities.
• Ensure that Vulnerability and/or Compliance scans/reports are processed in accordance with the Continuous Monitoring plan/strategy.
• Support and facilitate security awareness, training, and education program.
• Assist the Information System Security Manager (ISSM) in any other security related duties, as required.
• Coordinate Incident Response with the agency System Owners (SO) to include all associated actions necessary to mitigate the risk to unit systems.
• Prepare and coordinate Incident Responses with the agency ISSM to include all associated actions necessary to mitigate the risk to unit systems.
• Computer investigations and forensics.
• POA&M Review/Processing.
• On a quarterly basis, update POA&M information in centralized authoritative source.
• Assist in and/or prepare Weakness Completion Verification Forms.
• Security architecture and engineering support.
• Develop, prepare and/or update SOPs as identified or as necessary.
• Consolidate all ISSO Activity Status Reports. Report requirements and format shall be established by the designated Government Task Lead after award.
• Support risk analysis and approval process for deviation/exemption requests to agency-wide Web Filtering, SSL Inspection, Data Loss Prevention (DLP), and IT Configuration Management policies, and perimeter Unified Threat Management (UTM) devices.
• Support risk analysis and approval for Standard Technical Implementation Guides (STIG) for commonly sure software across the agency (i.e., Windows Desktop/Server, Web Browsers, Databases).
• Technical writing and creation of formal documentation reports, training materials, slide decks, and architecture diagrams.

Required Qualifications, Experience, and Skills:

• Must be a US Citizen able to obtain an agency-specific Public Trust clearance prior to starting.
• 5-7 years of specialized experience in Cybersecurity and IT.
• Must reside within a commutable distance of Washington, DC or Reston, VA to work onsite as required.
• Significant knowledge in National Institute of Standards and Technology (NIST) Special Publications.
• Significant knowledge in the Federal Risk and Authorization Management Program (FedRAMP).
• Significant exposure to the various cloud platform offerings.
• Experience with Xacta.

Preferred:

• CISSP, CCSP, CIPP, CAP, CASP/GSLC/CISM/CSM or other industry standard security certifications