Information System Security Officer (ISSO) with Security Clearance - Ashburn Virginia
Company: Base One Technologies
Location: Ashburn, Virginia
Posted On: 05/03/2024
Required Education/Experience
--- Bachelor Degree in Computer Science, IT, Information/Cyber Security field from an accredited college or university

Primary Responsibilities
--- Manage overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
--- Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems
--- Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance
--- Use workflows to develop security artifacts
--- Document, organize and implement security control requirements
--- Identify current and new risks
--- Prepare vulnerability test plans and coordinate the testing and result procedures
--- Assess customer-based solutions and provide recommendations for any improvements to current security posture
--- Ability to review and write security-related policies and procedures

Basic Qualifications
--- Must have an interim Secret Clearance. In addition to the specific clearance requirement, all personnel supporting CBP must have a current background investigation (BI) or obtain a favorable BI before joining the program.
--- Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
--- Knowledge of auditing security controls and financial processes
--- Superior writing, communication and critical analysis skills
--- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
--- Advanced Experience/Knowledge with the following:
    --- NIST SP 800-37 Risk Management Framework security assessment and authorization (A&A) processes
    --- NIST 800-53 security controls and required documentation
    --- Security controls (i.e., NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
    --- Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
    --- Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
    --- POA&M Management and Risk Management Framework (RMF)
    --- Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
    --- Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
    --- Reviewing vulnerability scan results

Preferred Qualifications
--- ISC2 Certified Cloud Security Professional certification (CCSP)
--- Familiar with IT system administration/engineering