About The Position

ZenPoint Solutions LLC (“ZenPoint Solutions”) is a rapidly expanding Information Technology (IT) services company in the federal sector. We foster a thriving, ambitious work environment that prioritizes employee well-being and a positive company culture. We invite you to join our team and help us shape a dynamic future as we deliver innovative solutions to address the nation's most critical IT missions.

Clearance Requirement: Candidates must possess an active Secret clearance and be eligible to obtain a Full Scope Top Secret, and potentially a TS/SCI clearance, upon contract award.

Work Location: Washington, DC

Work Schedule (On Site): Requires five (5) days onsite at the customer's facility.

Position Overview: ZenPoint Solutions is seeking an A-ISSO to join our team in providing advanced cybersecurity and system integration services. The ideal candidate is a proactive, self-motivated professional with extensive experience in securing information systems. In this role, the A-ISSO will ensure the appropriate security posture is maintained across various platforms, including cloud-based SaaS/PaaS solutions, server-based applications, databases, development environments, standalone systems, and desktop/laptops. They will oversee and assist in the implementation of controls and procedures to safeguard DOS information systems from unauthorized modification, disclosure, or destruction. Additionally, the A-ISSO will be responsible for updating key security documentation, including system security plans, change management protocols, incident response plans, and related policies and procedures.

Requirements

  • Candidate must be a United States Citizen and present proof of Citizenship, if selected
  • Bachelor's Degree in computer science, information systems, or a related field
  • 5+ years of experience in Information Security (INFOSEC) operations and/or Cybersecurity-related support
  • Strong background and extensive experience with NIST SP 800-37, SP 800-53, FISMA, and FedRAMP, and knowledge of current authorization practices, particularly within the DoD or DOS
  • Extensive background with DITSCAP/DIACAP may be substituted in some cases
  • Experience with security efforts related to modern Windows, Cloud computing (Azure/AWS), Linux, Cisco, SQL or Oracle databases, and virtual computing. This may also include some system administration work with an emphasis on security control implementation
  • Experience with using GRC tools such as Xacta, Archangel, eMASS
  • Highly motivated professional capable of managing a demanding workload and competing priorities
  • Self-starter with the ability to gather input from stakeholders and adapt to changing project requirements
  • Exceptional attention to detail and an efficient and disciplined work approach
  • Excellent communication skills with a high level of integrity and leadership
  • Strong problem-solving, critical thinking, and multitasking abilities

Nice To Haves

  • 5+ years of experience with the Risk Management Framework (RMF) within the Intelligence Community (IC), DOS, and/or Federal Systems community
  • CAP, CASP, CISSP, or CISM desired

Responsibilities

  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
  • Maintain the operational security posture of information systems
  • Create and maintain existing information system security documentation, including SSP, Security Controls Traceability Matrix (SCTM), and Risk Management Framework (RMF) Body of Evidence
  • Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
  • Write security control implementation details describing how security features are implemented based upon the requirements set forth by NIST 800-53
  • Prepare system documentation for assessment in accordance with RMF, FISMA and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; assist in writing remediation plans for findings, create Plans of Action and Milestones (POA&Ms) in the GRC tool, and track them to closure
  • Participate in Authority to Operate Assessment activities in support of Security Control Assessors and Information System Security Managers
  • Create security policies and maintain existing information system security documentation
  • Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package
  • Participate in the change management process, including reviewing “Change Requests” and assisting in the assessment of security impact of proposed changes
  • Conduct daily, weekly, and monthly audit review and management of the audit collection system for assigned systems, boundaries, and components
  • Continuously review and evaluate best practices for implementing a comprehensive audit program
  • Implement vulnerability management programs including tracking, remediating and closing of identified vulnerabilities
  • Support penetration testing efforts
  • Provide direction and guidance to less experienced cybersecurity personnel
  • Remain sensitive to security infractions and assist in security investigations and responses as requested
  • Assist with conducting contingency plan testing and remediate weaknesses identified during testing
  • Oversee system recovery processes to ensure that security features and functions are fully restored and operating correctly after an outage
  • Effectively communicate both verbally and in writing with government and industry stakeholders

Benefits

  • health, dental, and vision insurance
  • group and voluntary life insurance
  • short-term and long-term disability insurance
  • 401(k) retirement plan with company matching contributions
  • flexible spending accounts
  • generous paid leave policy, including federal holidays
  • professional development opportunities
  • tuition assistance program