System High Corporation
Senior Information Systems Security Officer (ISSO)
System High Corporation, Arlington, Virginia, United States, 22201
Job Location: ARLINGTON, VA 3 (DARPA) - Arlington, VA
Position Type: Full Time
Senior Information Systems Security Officer (ISSO)
Location: Arlington, Virginia

Responsibilities:
- Provide oversight for assigned network(s) by working with operations staff to ensure compliance per STIGs and IAVM.
- Perform ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and DoD Policy.
- Develop, review, evaluate and verify self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies, and organizational security policies in Information Systems (ISs).
- This role requires being onsite five days a week during the initial training period of approximately two months. Telework is then allowed one day per week.
- Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool.
- Ensure that Stakeholders adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System's Authority to Operate (ATO) under The Federal Information Security Management Act (FISMA) of 2002.
- Lead RMF A&A efforts including activities within the A&A cycle and outside of the ISSO functions.
- Provide POAM support by advising CISO/AO of changes and assisting in the coordination of efforts to remediate deficiencies and vulnerabilities.
- Responsible for performing ConMon reviews for daily, weekly, monthly and quarterly checks.
- Assist with IR activities by verifying sanitation procedures are followed prior to submitting the CART Case to the CISO for closure.
- Work with the Security Tools Team to identify Critical / High vulnerabilities for remediation and report network security posture at weekly CISO/AO meeting.

Qualifications:
Skills and Experience:
- Experience with DODI 8510.01, 8500.01, NIST SP 800.37, 800.137, 800.53 rev 4/5, 800-39, 800.171 and 800.171A for self-assessments.
- Familiar with creating Assessment and Authorization (A&A) packages in eMASS and/or Xacta.
- Experience in performing and assessing Security and Privacy Controls per NIST 800.53 rev 4/5 and NIST 800.53a guidelines.
- Experience with systems engineering design and development toward a "baked in" security design using Information Assurance best practices.
- Understanding of the FedRAMP process, coordinating with 3PAOs, and migrating on-prem systems to an accredited cloud-based solution.
- Understanding of vulnerability and scanning tools such as Assured Compliance Assessment Solution (ACAS).
- Knowledge of vulnerability management, risk management, project management, proficient with Microsoft products: Word, Excel, PowerPoint.
- Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
- Experience with Tenable's Nessus and/or Security Center, or Network Mapper is a plus.
- Risk assessment experience, especially with NIST SP 800.53 Threat identification.
- Must be able to validate security patches as they align to NIST guidelines, client policies and procedures, and OMB Mandates.
- Experience with creating or maintaining security artifacts as part of the ATO package.

Qualifications:
- Bachelor's degree; or can be substituted for Associate's degree with 5 years relevant experience, or 10 years relevant experience.
- DoD Top Secret Clearance is required.
- IAT Level II Certification minimum.

Additional Information:
This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.

System High values the power and strength of diverse backgrounds on the culture and performance of our company. We strive to maintain an inclusive culture to encourage each employee to bring their whole self to the mission.

System High Corporation is an Equal Opportunity/Affirmative Action Employer.

Warning:
Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a systemhigh.com or msg.paycomonline.com email address.