Information System Security Officer (ISSO)

  • Full-time

Job Description

This position will be responsible for providing expert-level support in the implementation of the Risk Management Framework (RMF) in accordance with the National Institute of Standards and Technology (NIST). This includes providing and maintaining all security assessment and authorization (SA&A) packages for completeness in an acceptable format, using automated and manual inputs to ensure compliance with FISMA and other Federal and agency standards. Additionally, this position is largely focused on operational and technical security capabilities, including incident handling and analysis; entity scanning (patch, vulnerability, real-time intrusion detection, and baseline compliance) and reporting of results directly to the CISO; and both configuration and review of intrusion detection and prevention tools as required to assess and improve the overall security posture of the organization.

Qualifications

 

  • Bachelor’s degree and at least five (5) years of direct experience in computer and systems security. Six (6) years of general IT experience is equivalent to a bachelor’s degree.
  • 5+ years of experience providing direct support to Federal IT compliance initiatives including the preparation/development of annual FISMA reports, compiling responses to Federal information requests, and implementing provisions set forth by the OMB, DHS, and other Federal guidance entities.
  • Required DoD 8570.01-M IAT Level II certification (CompTIA Security+, CASP, CEH, or equivalent)
  • Experience with DoD 8510 (DIACAP and RMF), DoD 6510 and 8500 series instructions, and NIST 800 series guidance
  • Experience documenting and assessing RMF controls, Plans of Action and Milestones (POA&Ms), and vulnerabilities in eMASS.
  • Extensive knowledge and experience in Information Certification & Accreditation Regulations, Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) guidance
  • Extensive knowledge and experience in Security Assessment and Authorization (SA&A) process in alignment with the NIST Risk Management Framework
  • Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulations
  • Experience working with information security practices, networks, software, and hardware
  • Experience reading and interpreting DoD STIG results from SCAP scans and self-assessment checklists via STIG Viewer.
  • Strong analytical skills with the ability to analyze data sets to determine trends, establish strategies, and make decisions about real-time threats, and to identify and eliminate false positives from operational reports.
  • Experience with DISA's security change request procedures is highly desirable.
  • An active DOD Top Secret SSBI clearance is required for this position.

Additional Information

 

  • Job Location: Fort Meade, MD
  • Job Type: Full-Time
  • Pay: Up to $120K/yr (Depends on Experience)
  • Clearance: DoD Top Secret SSBI