Job Details

ID #12205772
State District of Columbia
City Washington
Job type Full-time
Salary USD TBD TBD
Source MindPoint Group, LLC
Showed 2021-04-13
Date 2021-04-02
Deadline 2021-06-01
Category Et cetera
Create resume

Information System Security Officer (ISSO) - Mid (Public Trust)

District of Columbia, Washington, 20001 Washington USA

Vacancy expired!

Job Description

This position is contingent upon award. The candidate will ensure that security requirements for information systems meet FISMA requirements. The candidate will be responsible for:

  • Cybersecurity work related to operation systems, application, logging and monitoring, NIST/FISMA compliance compliance, remediation, and patch management.
  • Monitor system configuration to ensure that the systems are operating in accordance with the approved benchmarks. Document and track resolution of issues and problems via POAMs.
  • Leverage aggregated cyber logs to support continuous monitoring activities.
  • Perform application updates, patches to the scoped components for the tools (e.g. the application layer components).
  • Properly track and account for configuration items identified in accordance with the Configuration Management Plan, including both standard and enterprise-wide change management procedures.
  • Support Vulnerability Scanning activities and distribute to appropriate Information System personnel assigned the role of application, infrastructure or database administrator. This includes application, code or operating system scans.
  • Track and resolve findings at the assigned level of criticality in accordance with requirements set in the Vulnerability Management Plan and NIST guidance on minimum security controls.
  • Develop and update security authorization packages in accordance with the client’s requirement and compliant with FISMA. Core documents that the candidate will be responsible for are the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Develop and maintain the Plan of Action and Milestones and support remediation activities.
  • Validate that protective measures for physical security are in place to support the systems security requirements.
  • Maintaining an inventory of hardware and software for the information system.
  • Develop, coordinate, testand trainon Contingency Plans and Incident Response Plans.
  • Perform risk analyses to determine cost-effective and essential safeguards.
  • Support Incident Response and Contingency activities.
  • Perform security control assessment in using NIST 800-53A guidance.
  • Conduct Independent scans of the application, network and database (where required).
  • Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.

Functional Responsibilities:

The ISSO should be intimately familiar with some aspects of the following:

  • Federal Government Information Assurance policies and regulations to include OMB requirements, FISMA, and NIST 800 series
  • OMB A-123 circular; OMB A-130 circular; FIPS 140, 199, 200, 201; NIST SP 800-18, 37 Revision 1, 39, 53 Revisions 3 and 4, 53A Revision 1, 60 Volumes 1 and 2, 800-64 Revision 2, 137, 144, 147; CNSS 1253 and risk management methodologies
  • Automated vulnerability and risk assessment tools such as Nessus, AppDetective/DbProtect, Hailstorm, McAfee Vulnerability Manager (Foundstone), and NMAP

Qualifications

  • US Citizenship with the ability to get a Public Trust is required
  • 4+ years’ experience with NIST, FISMA, and Security Assessment & Authorization
  • Minimum Education: Bachelor’s Degree or equivalent experience
  • Experience with patch management for security tools and ability to maintain systems
  • Thorough understanding and knowledge of FISMA and SA&A process.
  • Experience with vulnerability assessments tools such as Nessus, Foundstone, Cenzic, DBProtect, nd BigFix
  • Understanding and experience with CSAM is a PLUS
  • Experience with NIST publications, OMB circulars and memoranda, and CNSS publications and their requirements and impact on system security

Additionally, individuals must demonstrate proficiency in the following areas:

  • Proficiency in writing technical analysis reports
  • Strong written and oral communication skills
  • Critical thinking
  • Strategy development
  • Balancing security requirements with mission needs
  • Good judgment and business acumen
  • Relationship management
  • Project management (ability to track detailed tasks and ensure timely delivery)
  • Ability to work quickly, efficiently and accurately in a dynamic and fluid environment

Additional Information

  • All your information will be kept confidential according to EEO guidelines
  • Equal Opportunity Employer Veterans/Disabled

Vacancy expired!

Subscribe Report job