Steampunk wants you to be a Senior Information System Security Officer (ISSO) on our team to support a government customer on site in Arlington, VA. The primary responsibilities for the position are to support all activities that ensure the level of security documented with the security authorization is maintained at an acceptable level of risk. The nature of the work requires that the candidate demonstrate initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information. Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates. Contributions
- Security Compliance and Authorization: Conduct compliance assessments, prepare Security Assessment Reports (SAR), develop waivers or risk acceptance memos, and ensure systems maintain eligibility within the Ongoing Authorization program.
- Security Control and Vulnerability Testing: Perform extensive security control testing, configuration management, vulnerability monitoring, and remediation in line with NIST 800-53A and DHS standards, including Information Security Vulnerability Management (ISVM) and patch management.
- Risk and Contingency Management: Conduct risk assessments, devise security plans, manage system risk via POA&M tracking, and perform annual contingency plan tests.
- Documentation and Reporting: Maintain and update security authorization documents, ATO packages, and compliance documents, ensuring documentation meets regulatory standards and supports federal staff through audit processes.
- Collaboration and Compliance: Coordinate with Privacy, Records, and Information Governance divisions, provide audit support across financial and regulatory frameworks, and ensure security requirements align with the development cycle (Waterfall, Agile, SecDevOps).
- User Access and Configuration Management: Manage and review user accounts, enforce separation of duties, ensure CM processes are followed to mitigate new risks, and maintain an up-to-date system inventory.
- Monitoring and Continuous Improvement: Conduct self-assessments, monitor system security continuously, integrate emerging requirements, and improve processes to enhance security delivery.
- Communication and Stakeholder Engagement: Present system risks and findings, provide regular updates, and deliver risk briefings and reports to stakeholders, ensuring transparency in system security status.
- Process Innovation: Develop standardized language for control implementation, maintain internal operating procedures, and support the continuous evolution of assessment and authorization processes to meet security objectives.
Qualifications Required:
- Bachelor's Degree and 8 years of relevant IT cybersecurity experience; OR
- No degree and 12 years of experience, 2 of which must be in FISMA
- Knowledge of Security Compliance and Risk Management Frameworks: Expertise in NIST 800-53A, DHS standards, and risk management frameworks like FISMA, with hands-on experience in conducting security compliance assessments and developing risk management strategies.
- Technical Proficiency in Security Control Testing and Vulnerability Management: Proficiency in vulnerability scanning, configuration management, and patch management tools, along with the ability to analyze and address vulnerabilities in complex systems.
- Strong Documentation and Reporting Skills: Experience creating and maintaining comprehensive security authorization documentation, ATO packages, and compliance records, with the ability to convey technical findings clearly in both reports and presentations.
- Effective Collaboration and Communication Abilities: Skilled in coordinating with various teams (e.g., Privacy, Information Governance), providing audit support, and conducting risk briefings, along with the ability to communicate security requirements in the context of development cycles and stakeholder expectations.
- Process Improvement and Innovation Mindset: A proactive approach to refining security assessment processes, developing standardized language for security controls, and enhancing continuous monitoring practices to address emerging cybersecurity challenges effectively.
Preferred Skills
- Current experience providing ISSO support to DHS
- Experience supporting systems hosted in Cloud environments.
- Experience supporting systems in Agile and DevOps environments
- Desired personnel certifications from DoD 8140 , Intermediate or Advanced Foundational Qualification Options, for (722) Information System Security Manager.
- Intermediate includes:
- CGRC/CAP or CASP+ or CCSP or Cloud+ or SSCP or Security+ or GSEC
- Advanced includes:
- CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
About SteampunkSteampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $90,000 to $140,000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk's total compensation package for employees. Learn more about additional Steampunk benefits here.Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit .We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.