Cyber ISSO/ISSE

THE OPPORTUNITY:

Our Federal customer with a Systems Engineering & Integration (SE&I) program focuses on providing agency with advisory and technical services with the effort of helping them support the management of their various cyber programs. Supporting activities span a wide range of topics, including requirements formation, requirements feasibility analysis, technology subject matter expertise, cyber industrial technology awareness, information assurance, independent validation, and verification (IV&V), penetration testing, prototypes, enterprise architecture, technical documentation authoring and analysis of 3rd party technical documentation, and technology roadmaps.

RESPONSIBILITIES/QUALIFICATIONS: 

This role is 40/60 split between ISSO and ISSE functions.  As an information systems security officer (ISSO), you will oversee and manage all aspects of an organization's information security system, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches.  It will also encompass:

• Getting the system authorized for operations (ATOs)
• Continuous monitoring of system (ConMon) where they are responsible for monitoring and tracking system vulnerabilities and compliance issues
• Generates Plans of Action & Milestones (POA&M) to track the mitigation of vulnerabilities and compliance issues.
• Responds to data calls, scan requests and weekly and monthly reporting
• Generates security artifacts such as System Security Plans, Security Control Traceability Matrices, Configuration Plans and Contingency Plans and Testing, and Self-Assessment Test Plans

As an information systems security engineer (ISSE), you will safeguard networks against unauthorized modification, destruction, or disclosure.

• Conducts risk analysis on products reviewing CVEs, plugins, CWEs etc.
• Facilitates Technical Insertion for new products
• Reviews Change Requests for security impacts and technical documentation from a security perspective
• Participates in Agile Planning Events to provide technical input in addition to trade studies for tools, etc.

RESPONSIBILITIES/QUALIFICATIONS:

• Researches, evaluates, designs, tests, recommends, communicates, and implements new security software or devices
• Implements, enforces, communicates, and may develop internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations
• Manage all aspects of an organization's information security system, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches
• Conducts risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses
• Conducts trade studies for tools and participates in Agile Planning Events to provide technical input.

REQUIREMENTS:

• Bachelors’ Degree in Computer Information Systems with eight (8) years related experience
  OR
  12 total years of experience in Information Assurance and IT Security
• Active TS clearance is required

PREFERRED EDUCATION/EXPERIENCE/SKILLS:

• Experience in cloud security highly desired
• Cyber program experience within federal customer space a plus!
• Certifications such as CISSP, CEH, CISA, CAP highly desired