Information System Security Officer (ISSO)

About The Position

Requirements

• US Citizenship required
• Must be able to be pass US Government Clearance processes – DHS Public Trust with EOD and Secret or higher clearance
• Bachelor’s degree in a technical field and 8 years experience or high school diploma/equivalent and 12 years experience
• Good understanding of computer network security technologies used in the industry and related security configurations (e.g., DISA STIGs, CIS Benchmarks and settings)
• Knowledge of the security countermeasures and overall RMF and NIST compliance guidelines
• Must have the ability to influence system stakeholders in the execution of security and compliance requirements
• CISSP certification

Nice To Haves

• Excellent communication skills
• Ability to work effectively in diverse, multi-national and virtual environments
• Self-motivated and tenacious and demonstrates sound judgment and integrity
• Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and other Cyber Security related laws, regulations and directives
• Experience of presenting at client meetings
• Experience of translating contractual security requirements to deliverables
• Knowledge of Federal Government Security, industry and market trends and CS&PS business and offerings:
• Understands federal security and regulations and DHS’ Security Policy and has in-depth knowledge of DHS’ Security Policy 4300a

Responsibilities

• Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PS Sector to ensure operational security measures are implemented.
• Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Reviews and continuously monitors implemented security controls.
• Creates and maintains security checklists, templates, and other tools to aid in the A&A process.
• Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements.
• Performs risk analyses to determine and recommend essential safeguards.
• Proactively reviews Vulnerability Scans (Nessus, ACAS, We-App, etc.) and recommends compensating controls.
• Prepares supporting materials for the security authorization package in accordance with the client contractual requirements.
• Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Maintains client-specific Plan of Action and Milestones (POA&Ms) and supports remediation activities using Information Assurance (IA) and Risk Management tools such as CSAM, eMASS, etc.
• Maintains an inventory of hardware and software for the information system.
• Develops, tests and trains on Contingency and Incident Response planning.
• Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
• Experience in managing security Assessment and Authorization activities utilizing common control frameworks.
• Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
• Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
• Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS)
• Experience in coordinating, monitoring and tracking security activities across multiple organizations.
• Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders.