Microsysllc
Senior Information Systems Security Officer (Sr. ISSO)
Microsysllc, Chantilly, Virginia, United States, 22021
MicroSys (www.microsysllc.com) is providing Information Security as a Service (ISaaS) to the Department of Justice (DOJ), Federal Bureau of Investigation (FBI). The scope consists of the following areas: 1) Information Systems Security Engineering; 2) Information Systems Security Management; and 3) Information Systems Security Maintenance. As part of that mission, the OCIO provides cybersecurity strategy, training and services to the FBI enterprise.
Responsibilities:

Information Systems Operations:
Services to support IS Security performed by the Information System Security Officer (ISSO) shall, at a minimum, consist of the following activities:
· Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
· Provide liaison support between the system owner and other IS security personnel
· Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
· Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
· Conduct required IS vulnerability scans according to risk assessment parameters
· Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
· Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POAMs
· Coordinate system owner concurrence for correction or mitigation actions
· Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO)
· Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
· Ensure that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
· Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR

JOB DESCRIPTION: ISSO, Sr

Responsibilities:
· Knowledgeable with Systems Development Lifecycle (SDLC) methodologies and continuous monitoring activities
· Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management.
· Demonstrated experience conducting information system security controls assessments (SCAs) and applying standard auditing techniques during system security controls assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer to ensure compliance
· Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).
· Extensive knowledge and experience with information security standards, policies and practices - NIST (800-53 rev4), FISCAM, FISMA, DOD, DCID, FBI, etc.
· Ability to research and address information security issues as required, being an authority on the subject.
· Proven ability to multi-task and deliver on-time with the highest quality
· Must have excellent written communication skills as the candidate's job will include written interaction with senior-level executives.
· Well versed with using vulnerability assessment tools (NESSUS, AppDetective, etc.) and analyzing the results generated from these assessments.

Minimum/General Experience:
· B.S. degree required (B.S. degree may be substituted for 4 years of work experience, preferably in IT) plus 5 years of IT Security related experience (with min. 2 years of FISMA experience).
· 7+ years of experience serving as an ISSO at a cleared facility.
· 9+ years of professional experience in cybersecurity or computer science related field.
· 7+ years of experience directly performing Assessments and Authorizations, knowledge of specific NIST guidelines including FIPS-199 and Special Publications 800-53, 800-18, 800-30, 800-37, 800-60.
· Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications.
· Knowledge of information security engineering, design concepts and principles.
· Ability to handle stress and work well under pressure, Ability to use MS Office, Ability to use PC, Analytical and Critical Thinking Skills, Interpersonal and People Skills, Listening Skills, Multi-tasking Ability, Oral and Written Communication Skills

OPPORTUNITY
This is a tremendous opportunity for an experienced Sr. ISSO to further their hands-on technical skills in full life cycle security engineering in a highly technical environment using excellent state-of-the-art technologies. This program is of significant size, scope, and complexity that will allow the selected individual to expand and grow their career.