Information System Security Officer Senior (ISSO)/ Information Assurance Engineer (GSA LCAT) – (Team 01)

About The Position

Requirements

• Minimum of 7 years of experience collectively with the following:
• Proven work experience as an Information Systems Security Officer or a similar role, preferably in a complex organizational setting.
• In-depth knowledge of information security principles, methodologies, and best practices.
• Familiarity with industry standards and regulations (e.g., ISO 27001, NIST, HIPAA, etc.).
• Experience in conducting risk assessments and implementing security controls.
• Experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 or DCID 6/3
• Proficiency in using security tools and technologies, such as firewalls, intrusion detection systems, SIEM, and vulnerability management tools.
• Strong analytical and problem-solving skills to identify security gaps and develop effective mitigation strategies.
• Knowledge of incident response procedures
• Documented and demonstrated experience with troubleshooting and problem solving
• Documented and demonstrated experience as an individual consultant or a team lead
• Familiarity with the ATO process
• Active Top-Secret clearance with SCI eligibility
• Bachelor's degree in Information Systems Engineering, Computer Science, Engineering, Business or other related field. In absence of degree, additional years of experience may be substituted for educational requirements
• Minimum of 8 years of experience recommended.
• AWS Cloud Practitioner Certification (or similar)

Nice To Haves

• Splunk, JIRA, Confluence, Nessus
• Strong Excel experience
• Experience with Amazon Web Services and/or Microsoft Azure Cloud
• Experience implementing, reviewing, and providing recommendations on Cloud Security configurations
• Experience with Microsoft Windows Server and Linux
• AWS Associate Level or above Certification(s)

Responsibilities

• Serves as the principal advisor to the Information System Owner (SO), Business Process Owner, and the Chief Information Security Officer (CISO) / Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of an information system.
• Ensures the implementation and maintenance of security controls.
• Directs and implements the necessary controls and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure, or destruction.
• Provides guidance and direction for the physical protection of information systems assets to other functional units.
• Provides reports to superiors regarding effectiveness of data security and makes recommendations for the adoption of new procedures.
• Assists with reviewing, developing, and navigating the system, team, and customer through the Authority to Operate (ATO) accreditation/certification documentation process.
• Performs network self-inspections.
• Creates new and edits existing documentation that forms the Authority to Operate (ATO) package to include the System Security Plan and IS contingency plan.
• Develops Plan of Action and Milestone (POAMS) from vulnerability data and enters them into the system of record.
• Applies comprehensive knowledge across key tasks and high impact assignments.
• Plans and leads major technology assignments.
• Evaluates performance results and recommends major changes affecting short-term project growth and success.
• Functions as a technical expert across multiple project assignments.
• May supervise others.

Benefits

• Health, dental, and vision insurance
• Paid time off and holidays
• Retirement benefits (including 401(k) matching)
• Educational reimbursement
• Parental leave
• Employee stock purchase plan
• Tax-saving options
• Disability and life insurance
• Pet insurance