Information Systems Security Officer

About The Position

Requirements

• Two (2) years of cybersecurity experience is required, including one (1) year of FISMA-related experience
• Bachelor’s Degree or Master's Degree in related IT field
• One of the following certifications (may be obtained within six (6) months of hire): Certified Information System Security Professional (CISSP) CompTIA Advanced Security Practitioner (CASP) Certified Information Systems Auditor (CISA) Certified Ethical Hacker (CEH) Systems Security Certified Practitioner (SSCP) Certified Information Security Manager (CISM)
• Knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications (800-53 rev 4/5), particularly those associated with the Risk Management Framework (RMF)
• Experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
• Knowledge and experience with vulnerability scanning, assessment, and analysis
• Knowledge and experience with operating system (Windows and/or Linux) and networking (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
• Knowledge and experience with information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies
• Knowledge and experience with application security, database security, and operating system security
• Ability to assess and weigh current and evolving security threats in an operational environment
• Ability to apply basic knowledge of information assurance concepts, practices, and procedures
• Ability to interview system stakeholders to properly document security controls
• Participated in independent and self-assessments
• Ability to perform ISSO duties to at least one system

Nice To Haves

• Current experience providing ISSO support to DHS
• Knowledge of DHS Information Security Policy Directives and Handbooks is preferred
• Familiarity with Jira and Confluence

Responsibilities

• Create, monitor, and update the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates
• Create of Waivers or Risk Acceptance Memos to assist in the effective management of system risks
• Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan
• Review and update security authorization documents as needed, but at least annually
• Help coordinate with the customer’s Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements
• Support Contingency Plan updates and tests
• Perform system self-assessments as part of an Ongoing Authorization program
• Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management
• Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)
• Maintain knowledge of inventory in accreditation boundary
• Proactively ensure security requirements are included in development cycle (Waterfall or Agile)
• Use DHS and mandated enterprise IA Compliance Tools
• Support the planning of certifying and accrediting their assigned information system or information systems
• Ensure Configuration Management processes are followed to ensure that any changes do not introduce new security risks
• Respond to emerging requirements or policies as set by legislation, regulation or policy
• Participate in DevOpsSec (security integrated into Agile processes) requirements for assigned systems.