Information System Security Officer – ISSO

Company: Spry Methods
Location: Washington, DC, USA
Salary: Not Provided
Type: Full-Time
Degrees:
Experience Level: Senior, Expert or higher

Requirements

  • TS Clearance with SCI eligibility.
  • 8 years of experience required.
  • Extensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMA.
  • Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure.
  • Ability to analyze logs using Splunk and AWS tools.
  • Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk.
  • Experience working with GRC tools such as Xacta/JCAM.
  • Hold at least one of the following security certifications: Security+, CGRC, CASP, CISSP.
  • Experience using Atlassian suite tools such as Jira/Confluence.
  • Experience with Agile Methodologies/SAFe.
  • Expertise in information security principles, processes, and guidelines.
  • Able to obtain and maintain an Authority to Operate (ATO) for Information Systems.
  • Experience with scanning tools such as Tenable Nessus.
  • Ability to work on multiple projects with various timelines, at times with very short deadlines.

Responsibilities

  • Serve as the principal cybersecurity advisor to system owners and stakeholders.
  • Design, analyze, and test information security systems, products, cloud architectures and cloud solutions.
  • Provide recommendations and/or alternatives to mitigate impact of system security boundary changes as part of any potential re-architecting and/or re-design activities.
  • Develop, implement, and evaluate security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability.
  • Perform risk analysis, vulnerability assessments, and security audits to identify and address potential weaknesses in cloud environments.
  • Follow the appropriate security authorization process for requesting and maintaining an Authority to Operate (ATO).
  • Ensure operational security is maintained for assigned information systems.
  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and practices.
  • Perform Security Incident Reporting and Response.
  • Coordinate with the Office of the Chief Information Officer (OCIO), Security Division, and others to provide documentation for the system Certification and Accreditation process.
  • Ensure audits and reviews are responded to with accurate information.
  • Perform system access control responsibilities.
  • Participate in the change management process for assigned applications.
  • Work with the Product Owner, Product Manager, OCIO, Security Division, and other stakeholders to ensure security concerns are addressed during all phases of the system lifecycle.
  • Perform continuous system security monitoring.
  • Implement and manage cloud-native and third-party security tools for monitoring, threat detection and vulnerability management.
  • Act as an SME on cloud security, applying methods, standards, and approaches to ensure the baseline security safeguards are appropriately implemented and documented.
  • Provide reports to superiors on the effectiveness of data security and make recommendations for the adoption of new procedures.
  • Draft and keep updated information security documentation, including the System Security Plan, Information System Contingency Plan, Plan of Actions and Milestones (POA&M), Privacy Threat Assessment, Privacy Impact Assessment, and Configuration Management Plan.
  • Ensure the implementation and maintenance of annual security controls assessments.
  • Assist with FISMA system audits as necessary. Leverage necessary vulnerability assessment and scanning tools, including Nessus and ACSA, to identify vulnerabilities, and Splunk tools to monitor, detect, and rectify misconfigurations.
  • Work directly with development, platform, and infrastructure teams on security problems.

Preferred Qualifications

  • Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security – Specialty, or other relevant certifications.
  • Experience in a high-side or multi-enclave (U/S/TS) environment.
  • Experience working with Agile development teams and CI/CD pipelines.
  • Familiarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible).
  • Familiarity with NIST 800-53 Rev. 5.