Information Systems Security Officer (ISSO)

About The Position

Requirements

• US Citizenship required; active Secret clearance
• Bachelor’s degree in Computer Science, Computer Studies, Information Security and 8 years experience or MS/MA degree in Computer Science, Computer Studies, Information Security and 6 years experience or high school diploma and 12 years experience
• Good understanding of computer network security technologies used in the industry and related security configurations (e.g., DISA STIGs, CIS Benchmarks and settings)
• Knowledge of the security countermeasures and overall RMF and NIST compliance guidelines
• Must have the ability to influence system stakeholders in the execution of security and compliance requirements
• Certifications Required: CISM
• At least one Cloud Security Certification: AWS Cloud Practitioner, AWS Security Professional; CCSP; MS Azure Security Certification; CCSK
• Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
• Experience in managing security Certification and Accreditation activities utilizing common control frameworks.
• Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
• Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
• Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS).
• Experience in coordinating, monitoring and tracking security activities across multiple organizations.
• Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders.
• Demonstrates understanding and experience with DevSecOps.

Nice To Haves

• Certifications: CISA, CRISC, GSEC, CompTIA Sec+
• Excellent communication skills
• Ability to work effectively in diverse, multi-national and virtual environments
• Self-motivated and tenacious
• Demonstrate sound judgment and integrity
• Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations and directives
• Experience of presenting at client meetings
• Experience of translating contractual security requirements to deliverables
• Knowledge of Federal Government Security, industry and market trends and CS&PS business and offerings:
• Understands federal security and regulations.
• Understands DHS’ Security Policy and has in-depth knowledge of DHS’ Security Policy 4300a.

Responsibilities

• Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PS Sector to ensure operational security measures are implemented.
• Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Reviews and continuously monitors implemented security controls.
• Creates and maintains security checklists, templates, and other tools to aid in the A&A process.
• Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements.
• Performs risk analyses to determine and recommends essential safeguards.
• Proactively reviews Vulnerability Scans (Nessus, ACAS, We-App, etc.) and mitigates system vulnerabilities and recommends compensating controls.
• Prepares supporting materials for the security authorization package in accordance with the client contractual requirements.
• Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Maintains client-specific Plan of Action and Milestones (POA&Ms) and supports remediation activities using Information Assurance (IA) and Risk Management tools such as CSAM, eMASS, etc.
• Maintains an inventory of hardware and software for the information system.
• Develops, tests and trains on Contingency and Incident Response planning.
• Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
• Experience in managing security Certification and Accreditation activities utilizing common control frameworks.
• Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
• Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
• Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS).
• Experience in coordinating, monitoring and tracking security activities across multiple organizations.
• Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders.
• Demonstrates understanding and experience with DevSecOps.