Information Systems Security Officer

About The Position

Requirements

• 5+ years of experience with information assurance or cybersecurity
• Experience serving as an Information Systems Security Officer (ISSO)
• Experience managing and administering Assured Compliance Assessment Solution (ACAS) and Host-Based Security System (HBSS)
• Experience utilizing the Enterprise Mission Assurance Support Service (eMASS) to address security controls, create POA&Ms, and upload artifacts, such as STIG checklists or ACAS scans
• Experience with supporting system security and authorization processes
• Experience reviewing vulnerability documentation and writing Residual Risk statements
• Experience in reporting IT security events or incidents based on policies and procedures
• Knowledge of Microsoft Defender for Endpoint (MDE)
• Secret clearance
• Bachelor's degree

Nice To Haves

• Knowledge of Cloud-based infrastructure and DevSecOps principles and practices
• Ability to use and operate security tools, including Tenable Nessus, SecurityCenter, IBM Guardium, HP WebInspect, or Network Mapper
• Bachelor's degree in information technology

Responsibilities

• Perform ongoing system analysis activities for programs.
• Perform risk assessments of systems and equipment, assist engineers with identifying solutions for vulnerabilities, create and map Security Technical Implementation Guides (STIGs), submit change requests for system components, develop a Plan of Action and Milestones (POA&M), create documentation supporting Risk Management Framework (RMF) accreditations, perform vulnerability management using automated systems, and create and submit RMF packages.
• Brief the technical security posture to client leadership, prepare brief slides and summaries of vulnerabilities, and advise on how to prevent and mitigate future security threats.
• Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management.
• Implement infrastructure and cyber security controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises.
• Perform risk and vulnerability assessments in network, system, and application areas.
• Leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.

Benefits

• Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care.
• Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values.
• Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs.
• Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits.