Information Systems Security Officer (ISSO)

Peraton

About The Position

Peraton is seeking an Information Systems Security Officer (ISSO) to join our team. The Information System Security Officer (ISSO) is part of the PERATON DHS’ Security team and plays a Cybersecurity operational compliance role within the Citizen Security and Public Services Sector (CS&PS). The position is responsible for performing as a named ISSO for a Government Systems and assisting other ISSOs with end-to-end Governance Risk and Compliance (GRC) functions that entails security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities. Day to Day Work Responsibilities: Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PS Sector to ensure operational security measures are implemented. Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing. Reviews and continuously monitors implemented security controls. Creates and maintains security checklists, templates, and other tools to aid in the A&A process. Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements. Performs risk analyses to determine and recommends essential safeguards. Proactively reviews Vulnerability Scans (Nessus, ACAS, We-App, etc.) and mitigates system vulnerabilities and recommends compensating controls. Prepares supporting materials for the security authorization package in accordance with the client contractual requirements. Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc. Maintains client-specific Plan of Action and Milestones (POA&Ms) and supports remediation activities using Information Assurance (IA) and Risk Management tools such as CSAM, eMASS, etc. Maintains an inventory of hardware and software for the information system. Develops, tests and trains on Contingency and Incident Response planning. Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting. Experience in managing security Certification and Accreditation activities utilizing common control frameworks. Experience with risk mitigation and selecting or designing appropriate security controls for implementation. Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings. Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS) Experience in coordinating, monitoring and tracking security activities across multiple organizations. Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders. Demonstrates understanding and experience with DevSecOps In a typical engagement, the ISSO operates as a trusted advisor in the organization, working with senior management and focusing specifically on the security environment in relation to client business objectives. The ISSO helps to understand operational issues and plans the next steps in collaboration with Cybersecurity Manager from an information security viewpoint. The position will be able to demonstrate industry expertise and thorough understanding of security governance, risk and compliance domain. This position requires the ability to interact and influence at an organizational level to carry out governance, risk and compliance activities.

Requirements

US Citizenship required; active Top Secret clearance
Bachelor’s degree in Computer Science, Computer Studies, Information Security and 8 years experience or MS/MA degree in Computer Science, Computer Studies, Information Security and 6 years experience or high school diploma and 12 years experience
Good understanding of computer network security technologies used in the industry and related security configurations (e.g., DISA STIGs, CIS Benchmarks and settings)
Knowledge of the security countermeasures and overall RMF and NIST compliance guidelines
Must have the ability to influence system stakeholders in the execution of security and compliance requirements
Certifications Required: CISSP or CISM; At least one Cloud Security Certification: AWS Security Professional; CCSP; MS Azure Security Certification; CCSK
Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
Experience in managing security Certification and Accreditation activities utilizing common control frameworks.
Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS)
Experience in coordinating, monitoring and tracking security activities across multiple organizations.
Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders.
Demonstrates understanding and experience with DevSecOps

Nice To Haves

Certifications: CISA, CRISC, GSEC, CompTIA Sec+
Excellent communication skills
Ability to work effectively in diverse, multi-national and virtual environments
Self-motivated and tenacious
Demonstrate sound judgment and integrity
Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations and directives
Experience of presenting at client meetings
Experience of translating contractual security requirements to deliverables
Knowledge of Federal Government Security, industry and market trends and CS&PS business and offerings:
Understands federal security and regulations.
Understands DHS’ Security Policy and has in-depth knowledge of DHS’ Security Policy 4300a.

Responsibilities

Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PS Sector to ensure operational security measures are implemented.
Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
Reviews and continuously monitors implemented security controls.
Creates and maintains security checklists, templates, and other tools to aid in the A&A process.
Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements.
Performs risk analyses to determine and recommends essential safeguards.
Proactively reviews Vulnerability Scans (Nessus, ACAS, We-App, etc.) and mitigates system vulnerabilities and recommends compensating controls.
Prepares supporting materials for the security authorization package in accordance with the client contractual requirements.
Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
Maintains client-specific Plan of Action and Milestones (POA&Ms) and supports remediation activities using Information Assurance (IA) and Risk Management tools such as CSAM, eMASS, etc.
Maintains an inventory of hardware and software for the information system.
Develops, tests and trains on Contingency and Incident Response planning.