Role Title: ISSO Task Lead
• Active TS required, must be eligible for SCI
• Two of the following certifications: CISSP, CAP, Security+, CISA, CRISC
• Bachelor’s Degree required
• 5+ years of expertise in Cybersecurity; 6+ years of expertise developing ATO packages for IT systems
Role Description:
Provide ISSO support for the review of security assessments and associated documentation, record relevant IT security changes, and maintain IT system profiles in both the on-premises and cloud instances of the Cyber Security Assessment and Management (CSAM) repository. ISSO support will develop IT Security Plans of Action and Milestones (POA&Ms) from CSAM, support the planning and implementation of migration strategies as necessary, and perform annual security assessments, including NIST SP 800-53 assessments and independent security assessments, as required. ISSO support will also include developing and maintaining an IT System Security Compliance Schedule that addresses:
• POA&M Action Items
• Required ITSS reports/updates
• Change Control Board Meetings
• Scheduled Vulnerability Scans
Provide IT security professional staff to support the following activities:
• Collaborate with O&M support teams to develop and coordinate the authorization documentation associated with the customer processes, including the System Categorization, System Security Plan (SSP), and System Risk Assessment
• Review information system infrastructure and application architecture to assess security requirements, and confirm Security Authorization Scope, including identifying the hardware and software components to be covered by the Security Authorization Package.
• Conduct assessments of assigned information systems' security requirements, evaluate the current security posture, and recommend priorities for remediation. Assess and plan the engagement, leveraging relevant work completed for other systems to achieve schedule and cost savings and to minimize impact on customer staff resources.
• Update the System Security Plan (SSP) for each IT system and complete the appropriate activities in CSAM to permit generation of a complete SSP; coordinate distribution of the SSP for review by project teams and track progress; and revise applicable areas in the CSAM tool as required.
• Update and maintain associated security plans using templates for contingency plan; configuration management plan; incident response plan; and a security awareness, training, and education plan.
• Complete security test and evaluation (ST&E) of each IT system using the CSAM tool: verify ST&E results against the test cases; coordinate distribution of the ST&E for review by project teams and track progress; and revise the ST&E as required.
• Complete the risk assessment for each IT system: verify the risk assessment against the test cases; coordinate distribution of the risk assessment for review by project teams and track progress; and ensure that accurate risk information is entered into CSAM.
• Perform Independent Verification and Validation (IV&V) of controls as required.
• Complete the Certification Statement: review the SSP, ST&E, and Risk Assessment (RA), and include the vulnerabilities revealed in each.
• Draft, approve, and validate POA&Ms while ensuring they are kept up-to-date, accurate, and represent a true plan to mitigate identified security weaknesses.
• Assess NIST SP 800-53 Rev. 4 controls and document the results
• Review and conduct NIST-based self-assessments, identifying any weaknesses that need to be addressed and developing a POA&M for each of those weaknesses based on industry best practices.
• Support and document security control tests, assist in remediation, and ensure that POA&Ms are being appropriately managed.
• Evaluate and strengthen standard SA&A documentation and Security Assessment Reports, and provide security infrastructure recommendations (e.g., IDS, firewalls, vulnerability scanning tools)
• Using CSAM, generate the C&A package
• Assist with review and strengthening of Business Continuity and Contingency Plan documents
• Develop and submit memorandums from the Certification Official and the Designated Approving Authority
Posting ID: 610575776
Posted: 2021-04-16
Job Title: Task Lead