Job Title: Lead, Information Systems Security Officer (ISSO)Location: Arlington, VirginiaClearance Level: DoD Top Secret ClearanceSummaryWe deliver essential technology services to our customers in support of their missions to sustain the national security and economic interests of our nation. SecuriGence is seeking a Senior Information Systems Security Officer to lead and help contribute to our success. Help us solve problems with Innovation Through Intelligence.Responsibilities
- Provide oversight of a team of ISSOs to ensure the quality and on-time delivery of A&A tasks and update leadership ongoing projects.
- Provide oversight for assigned network(s) by working with operation's staff to ensure compliance per STIGs and IAVM.
- Perform ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and DoD Policy.
- Develops, reviews, evaluates and verifies self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the program's portfolio.
- This role requires being onsite five days a week during the initial training period of approximately two months. Telework is then allowed one day per week.
- Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO).
- Ensuring that Stakeholders adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System's Authority to Operate (ATO) under The Federal Information Security Management Act (FISMA) of 2002.
- Lead RMF A&A efforts including: activities within the A&A cycle and outside of the ISSO functions, work directly with ISSM, ISO, and AO, work with engineering and operations support staff to secure systems and ensure compliance, and provide oversight for existing and new POAMs.
- Provided POAM support by advising CISO/AO of changes and assisting in the coordination of efforts to remediate deficiencies and vulnerabilities.
- Responsible for performing ConMon reviews for daily, weekly, monthly and quarterly checks.
- Assist with IR activities providing by verifying sanitation procedures are followed prior to submitting the CART Case to the CISO for closure.
- Work with the Security Tools Team to identity Critical / High vulnerabilities for remediation and report network security posture at weekly CISO/AO meeting.
Skills and Experience
- Experience with DODI 8510.01, 8500.01, NIST SP 800-37, 800-137, 800-53 rev 4/5, 800-39, 800-171 and 800-171A for self-assessments; NIST 800-100, NIST 800-18.
- Familiar with creating Assessment and Authorization (A&A) packages in eMASS and/or Xacta and applying security categorization per the NIST FIPS 199 and NIST SP 800-60.
- Experience in performing and assessing Security and Privacy Controls per NIST 800-53 rev 4/5 and NIST 800-53a guidelines.
- Experience with systems engineering design and development toward a baked-in security design using Information Assurance best practices.
- Understanding of the FedRAMP process, coordinating with 3PAO's, and migrating on prem systems to an accredited cloud-based solution (e.g. AWS (GovCloud), Azure).
- Understanding of vulnerability and scanning tools such as Assured Compliance Assessment Solution (ACAS) and well-versed in interpreting risk posture resulting from assessment reports.
- Knowledge of vulnerability management, risk management, project management, proficient with Microsoft products - Word, Excel, PowerPoint.
- Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
- Experience with Tenable's Nessus and/or Security Center, or Network Mapper is a plus.
- Risk assessment experience, especially with NIST SP 800-53 Threat identification, system security categorization, gap analysis, and compliance reporting.
- Must be able to validate security patches as they align to NIST guidelines, client policies and procedures, and OMB Mandates.
- Experience with creating or maintaining security artifacts as part of the ATO package including but not limited to; System Security Plan (SSP), Contingency Plans (CP), Disaster Recovery Plans (DRP), Plan of Action and Milestone (POA&M), Incident Response (IR), and other security documentation.
Qualifications
- Bachelor's degree; or can be substituted for Associate's degree with 5+ years relevant experience, or 10 years relevant experience.
- DoD Top Secret Clearance is required.
- IAT Level II Certification minimum.
AboutSecuriGence LLC (SG) is an agile, Veteran-owned small business headquartered in the Washington, DC metropolitan region. Established in April 2010 we have been supporting the Department of Defense and other United States Civil agencies in Systems Engineering, Software Engineering, Software Development, Cyber Security, and Cloud/Virtualization Management.SecuriGence provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.