Information System Security Officer

Role Overview

• Provide support to the designated Information System Security Officer (ISSO) to ensure customer systems maintain their Authority to Operate (ATO) with a security posture in accordance with DHS 4300A and NIST SP guidance.
• Provide IT security assessment and IT security audit functions to ensure FISMA compliance.
• Support in developing and maintaining documentation in support of Certification & Accreditation (C&A) as required by the Federal Information Security Management Act (FISMA).
• Ensure all C&A and system security documentation is kept up to date and ensuring systems meet all security requirements mandated by DHS 4300A and DHS Management Directives.
• Prepare all reports and required deliverables, attend client and staff meetings.
• Follow the Information Systems Security Officer (ISSO) Guide, V10, when developing, updating, or reviewing required security artifacts.
• Ensure proper access controls are implemented for both system access and physical access to data processing facilities.
• Create, update, and assess compliance of system Authority to Operate (ATO) packages.
• Provide information security expertise to system development teams throughout the System Engineering Lifecycle process.
• Ensure Plan of Action & Milestone (POA&M) reports are maintained and that security vulnerabilities are tracked and remediated.
• Implement and apply technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
• Maintain network device and information security incident, damage and threat assessment programs.
• Investigate network device and information security incidents to determine the extent of compromise to national security information and automated information systems.
• Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and network and device security and encryption.
• Design, develop, or recommend integrated system solutions ensuring proprietary/confidential data and systems are protected in accordance with mandated standards.
• Configure and validate secure systems, tests security products/systems to detect computer and information security weakness.
• Generate security architecture documentation and provide critical written and verbal analyses of previously generated security architecture documentation and vulnerability and risk assessments.
• Design and implement plans of action and milestones to remediate findings from vulnerability and risk assessments.
• Provide information assurance for digital information, ensuring its confidentiality, integrity, and availability.
• Grant of authorization to operate IT systems at acceptable levels of risk, monitoring and testing of IT systems for vulnerabilities and indicia of compromise, incident response and remediation, the development of appropriate policy, relevant user security awareness and training, and compliance with applicable government and other external standards.

Requirements

• Current active Top Secret with SCI eligibility
• FEMA EOD suitability (current FEMA EOD preferred)
• BS/BA + 7 years of applicable experience (or equivalent)
• At least 3 years of experience working with FISMA
• Demonstrated expertise in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security
• Must have one of the following Information Assurance Technician (IAT) Level III qualifications: Certified Information System Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), or other applicable IAT or IAM cyber security professional certifications
• Knowledge of information security best practices, Enterprise Architecture, DHS experience
• Experience with Xacta IA manager and/or CSAM

Tech Stack

• Cyber Security

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits