Information Systems Security Officer (ISSO)

About The Position

Requirements

• Active Top Secret Clearance
• Bachelor's degree in Information Systems Technology, Computer Science, Engineering, or related field, and 5+ years of experience in cybersecurity or risk management OR In lieu of BS, 9+ years of experience with any of the following certifications: CISSP, CISM, CAP, CASP+
• Experience with application installation, configuration, and operational procedures in support of cybersecurity mandates
• Ability to conduct the entire Risk Management Framework (RMF) through all seven steps
• Experience with supporting information assurance and cybersecurity development of security plans or packages supporting Assessment and Authorization (A&A) of IT systems Authority to Operate (ATO), including the implementation and assessment of cybersecurity controls
• Experience with cyber continuous diagnostics and mitigation tools, such as Splunk and Graylog
• Experience reviewing NESSUS/ACAS vulnerability scans and reviewing audit logs, including Security Technical Implementation Guides (STIGs) and Information Assurance Vulnerability Alerts (IAVA)
• Ability to assess current and evolving security threats in an operational environment
• Ability to work ONSITE in Quantico VA

Nice To Haves

• This position may require the successful completion of a Counterintelligence (CI) Polygraph

Responsibilities

• Ensure the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs.
• Coordinate with other ISSOs to ensure interconnection, policy, and procedure requirements are met and documentation is provided and updated.
• Advise the customer on the use of methods such as encryption technology, vulnerability analysis, and security management standards to protect systems and applications to meet Federal Information Security Modernization Act (FISMA) requirements.
• Prepare documentation such as Configuration Management Plans, Incident Response Plans, Information System Contingency Plans, and Plan of Action and Milestones (POA&M).
• Identify IA vulnerabilities and coordinate with Infrastructure and Development teams to correct, mitigate, or apply for an exception via POA&M processes.
• Review vulnerability and compliance SCAP and/or DISA STIGs scans on infrastructure and applications to ensure patch and configuration compliance.
• Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications.
• Attend and represent program security interests in various meetings.
• Schedule and conduct meetings with pertinent program personnel to address findings and determine the appropriate path forward.

Benefits

• FULL EMPLOYEE approach where each employee’s professional and personal well-being is considered.
• Focus on employee development, success, and morale.
• Consecutive top ranking as the Best Place to Work by the Washington Business Journal as a thirteen-time honoree.
• Included on the Inc. 5000 Fastest-Growing Private Companies in America list nine times since 2014.