ISSO / ISSM

About The Position

Requirements

• Minimum SIX (6) years of experience in Cyber Security/ Information Assurance.
• Bachelors Degree
• Experience applying fundamental cybersecurity principles and concepts to tasks and projects.
• An ACTIVE and MAINTAINED DOD or Federal Secret Clearance
• Cyber certification - CISM, CISSP, or Security+
• Ability to work full time on site in Washington DC

Nice To Haves

• Experience working with networking, storage, intrusion detection/prevention systems, routers, switches, firewalls, logging, physical security systems, server, and workstation security configuration.
• Experienced with performing risk assessments on cloud computing platforms i.e., AWS, Google, Azure.
• Demonstrated ability leading successful teams and working in challenging situations.
• Strong written and oral communication skills and demonstrates leadership role with the client and fellow team members.
• Strong client leadership skills and ability to recognize opportunities for improvement to existing or future capabilities.
• Ability to lead teams to complete projects with attention to detail on tight timelines.
• Assures high quality work by taking advantage of learning opportunities and self-motivated.
• HVA Assessment Qualification

Responsibilities

• Apply fundamental cybersecurity principles and concepts to tasks and projects.
• Assess and implement NIST Cybersecurity Framework (CSF) guidelines, standards, and best practices for cyber security and risk management.
• Review disaster recovery capabilities (backups), Endpoint Detection and Response (EDR), Web Application Firewall (WAF), application whitelisting, host-based firewalls, etc. to provide continuous monitoring of end-user devices to detect and respond to cyber threats.
• Understand Governance Risk and Compliance (GRC) requirements, standards, and guidelines governing security within the Federal Government (e.g., NIST publications, FISMA, and OMB memoranda) and aligning IT with business objectives to effectively manage risk.
• Apply NIST Risk Management Framework (RMF), NIST SP 800-53 controls, Assessment and Authorization processes, POA&M management, and System Security Plan, FedRAMP, and SOC 2.
• Perform cybersecurity risk management, research and development, and leading practices.
• Gather and organize technical information about an organization's mission goals and needs, existing security products, and ongoing programs in cybersecurity.
• Develop strategies, roadmaps, assessments, and policies.
• Perform password auditing, network and web vulnerability scanning, virus management and intrusion detection.
• Monitor change management documentation to identify potential impacts to previous, current, and future security testing.
• Author risk narratives to communicate key risks to government CISO and security auditors.
• Support risk audits and assessments, provide recommendations for application design.
• Work with solution architects for security requirements on network architecture.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Parental Leave
• 401(k) Retirement Plan
• Group Term Life and Travel Assistance
• Voluntary Life and AD&D Insurance
• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
• Transit and Parking Commuter Benefits
• Short-Term & Long-Term Disability
• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Care.com annual membership
• Employee Assistance Program
• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
• Position may be eligible for a discretionary variable incentive bonus