Information Systems Security Officer - Citadel

Semper Valens Solutions-posted 7 months ago
Full-time • Mid Level
Onsite • Fort Meade, MD
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Semper Valens Solutions is seeking a Security Analyst to join our cybersecurity team as an Information Systems Security Officer (ISSO) . The ideal candidate will hold a Certified Information Systems Auditor (CISA) or Security Plus certification and possess a hands-on understanding of information security practices, risk management, and compliance. You will lead in the implementation, maintenance, and enforcement of security policies to protect sensitive data and ensure compliance with applicable regulations and standards.

  • Responsible for continuous monitoring activities for systems to include monitoring for security threats, performing access reviews, reviewing and developing mitigation for vulnerability assessment reports, and proposing enhancements for systems security.
  • Support security operations centers (or similar capabilities) in supporting system reviews and potential incident investigations.
  • Maintain knowledge of the security architecture and the business purpose of systems.
  • Document and maintain knowledge of all relevant NIST 800-53 controls for each IT system for which the ISSO is responsible.
  • Update SSPs semi-annually and document any changes.
  • Certify the accuracy of continuous monitoring information for assigned systems.
  • Advise on proposed architecture or configuration changes using the established change and configuration management process.
  • Certify software planned to be introduced to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
  • Support the agency on periodic internal and external audits including support for the execution of identified corrective action plans as needed.
  • Evaluate and advise on all access requests for privileged accounts to IT systems.
  • Support and produce any artifacts that are required for Ongoing Authorization and the NIST Cyber Security Framework (CSF).
  • Perform certification assessments for assigned programs to include review of change requests; review of ports, protocols, and services; whitelist requests; self-assessments results; statements of compliance; scan and STIG reviews; systems security plans; cybersecurity control evidence and artifacts; and on-site review results.
  • Attend weekly training sessions and staff meetings to gain an understanding of changes or clarifications to procedures.
  • Required to use a variety of tools to include the Government provided resourcing tool (used to execute and on-site review), eMASS (for control reviews), Requirement Tracking System (RTS) (to submit actions for review/signature). Other tools that will be used include the PPSM database, Whitelist Tool, DoD Information Technology Portfolio Repository (DITPR), and RMF Knowledge Service.
  • Conduct security architecture reviews to ensure that the program's architecture is in compliance with STIG requirements and best practices. This technical analysis will be considered in the risk analysis and documented/included in the certification recommendation.
  • Develop customized checklists based on the security architecture, special purpose equipment, type accredited deployment guides, Unified Capabilities Approved Product List deployment guides, and required ancillary equipment.
  • Analyze Plans of Action and Milestones (POA&M) and mitigation plans for unresolved findings to determine residual risk. This shall include reviewing and analyzing submitted POA&Ms with detailed technical justification and references for mitigations and determining if the proposed solution is adequate mitigation for approval. This technical analysis shall be documented/included in the statement of residual risk.
  • Conduct a Risk Assessment to analyze threats to and vulnerabilities of an information system and the potential impact that the loss of information or capabilities of a system would have on the user communities and the mission of the organization. The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures and to determine residual risk.
  • Bachelor's degree in computer science, information systems, or another related field.
  • At least 10 years of experience performing or supporting the responsibilities of an ISSO in a US Government environment.
  • At least 10 years of experience in National Institute of Standards (NIST) cybersecurity standards and best practices.
  • One of the following certifications: Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) CompTIA Security +
  • Knowledge of US Government security regulations and methodologies: FISMA, FedRAMP, and NIST special publications.
  • Must hold a minimum Secret security clearance.
  • Must be a U.S. Citizen
  • Certified Information Systems Auditor (CISA) or Security Plus certification and possess a hands-on understanding of information security practices, risk management, and compliance.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service