Information System Security Officer (ISSO) with Security Clearance - Ashburn Virginia

Company: Base One Technologies
Location: Ashburn, Virginia
Posted On: 05/03/2024

Required Education/Experience Bachelor Degree in Computer Science, IT, Information/Cyber Security field from an accredited college or university Primary Responsibilities
Manage overall security related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
--- Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems
--- Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance
--- Use workflows to develop security artifacts
--- Document, organize and implement security control requirements
--- Identify current and new risks
--- Prepare vulnerability test plans and coordinate the testing and result procedures
--- Assess customer based solutions and provide recommendations for any improvements to current security posture
--- Ability to review and write security related policies and procedures Basic Qualifications
--- Must have an interim Secret ClearanceIn addition to the specific clearance requirement, all personnel supporting CBP must have a current background investigation (BI) or obtain a favorable BI before joining the program.
--- Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
--- Knowledge with auditing security controls and financial processes
--- Superior writing, communication and critical analysis skills
--- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
--- Advanced Experience/Knowledge with the following:
--- NIST SP 800-37 Risk Management Framework security assessment and authorization (A&A) processes
--- NIST 800-53 security controls and required documentation
--- Security controls (i.eNIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
--- Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
--- Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
--- POA&M Management and Risk Management Framework (RMF)
--- Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
--- Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
--- Reviewing vulnerability scan results Preferred Qualifications
ISC2 Certified Cloud Security Professional certification (CCSP)
Familiar with IT system administration/engineering More...

Register an account with us and set up job agents! We'll email you immediately when jobs like this are posted on our site.