MAXIMUS
Information System Security Officer (ISSO)
MAXIMUS, Arlington, Virginia, United States, 22201
General information
Job Posting Title
Information System Security Officer (ISSO)
Date
Monday, October 7, 2024
City
Arlington
State
VA
Country
United States
Working time
Full-time
Description & Requirements
Maximus is seeking a highly skilled Senior Information Systems Security Operator (ISSO) to join our team in Arlington, VA.
Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7
The ideal candidate will be responsible for ensuring the security and integrity of our information systems by implementing and maintaining robust security measures. This includes developing and enforcing security policies, conducting regular security audits, and staying up to date with the latest cybersecurity threats and trends.
Key Responsibilities: Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG). Implement media control procedures and continuously monitor for compliance. Verify data security access controls and assign privileges based on need-to-know. Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs). Apply and maintain required confidentiality controls and processes. Verify authenticator generation and verification requirements and processes. Execute media sanitization (clearing, purging, or destroying) and reuse procedures. Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII). Create and manage the Body of Evidence (BOE). Maintain privilege access control logs. Create and manage Interconnection Security Agreements (ISA). Ensure JSIG compliance of applications within multiple accredited boundaries. Track vulnerabilities by creating Plan of Action and Milestones (POA&M). Manage the configuration and documentation in the programs instance of Enterprise Mission Assurance Support Services (eMASS). Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance. Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review. Conduct code reviews for database and application development and configuration management activities. Analyze events or test results and prepare POA&Ms. Integrate project management, configuration management, continuous monitoring, and POA&M processes. Prepare reports identifying the results of compliance and performance tests. Develop and implement information assurance/security standards and procedures. Coordinate, develop, and evaluate security programs for the organization. Review information assurance/security solutions to support customer requirements. Identify, report, and resolve security violations. Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands. Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.
Required Skills: Per contract requirements candidates must possess an active TS/SCI clearance with the ability to obtain CI Poly. A Bachelors degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement. Security+ certification or equivalent (DoD 8570) if no current IAM Level II certification. 8+ years of experience in cybersecurity or a related field. 2+ years of experience displaying strong knowledge of operating systems (e.g., Windows, Linux). 2+ years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community. 2+ years of experience as a Cyber or Security Analyst for federal information systems. 2+ years of experience with the Federal Risk and Authorization Management Program (FedRAMP).
Minimum Requirements
TCS040, T4, Band 7
Desired Skills: IAT level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH), or ability to obtain certification within six months of hiring. Experience with the Special Access Programs (SAPs) and Intelligence Community (IC). Strong knowledge of cybersecurity principles, tools, and techniques. Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG) Strong familiarity with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications. Quick learner and team player. The ability to adapt in fast paced environments, comfort with ambiguity. Familiarity with cloud technologies, security practices, and agile methodologies. Strong self-organization and self-management skills with emphasis on self-initiation and follow through. Proven written and oral communication skills. Experience in reviewing proposed change requests related to system design/configuration and performing security impact analysis. The ability to work independently. Strong familiarity with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications. Experience with the Federal Risk and Authorization Management Program (FedRAMP).
#techjobs #clearance
EEO Statement
Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. Were proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.
Minimum Salary
$
97,200.00
Maximum Salary
$
164,147.00
Job Posting Title
Information System Security Officer (ISSO)
Date
Monday, October 7, 2024
City
Arlington
State
VA
Country
United States
Working time
Full-time
Description & Requirements
Maximus is seeking a highly skilled Senior Information Systems Security Operator (ISSO) to join our team in Arlington, VA.
Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7
The ideal candidate will be responsible for ensuring the security and integrity of our information systems by implementing and maintaining robust security measures. This includes developing and enforcing security policies, conducting regular security audits, and staying up to date with the latest cybersecurity threats and trends.
Key Responsibilities: Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG). Implement media control procedures and continuously monitor for compliance. Verify data security access controls and assign privileges based on need-to-know. Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs). Apply and maintain required confidentiality controls and processes. Verify authenticator generation and verification requirements and processes. Execute media sanitization (clearing, purging, or destroying) and reuse procedures. Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII). Create and manage the Body of Evidence (BOE). Maintain privilege access control logs. Create and manage Interconnection Security Agreements (ISA). Ensure JSIG compliance of applications within multiple accredited boundaries. Track vulnerabilities by creating Plan of Action and Milestones (POA&M). Manage the configuration and documentation in the programs instance of Enterprise Mission Assurance Support Services (eMASS). Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance. Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review. Conduct code reviews for database and application development and configuration management activities. Analyze events or test results and prepare POA&Ms. Integrate project management, configuration management, continuous monitoring, and POA&M processes. Prepare reports identifying the results of compliance and performance tests. Develop and implement information assurance/security standards and procedures. Coordinate, develop, and evaluate security programs for the organization. Review information assurance/security solutions to support customer requirements. Identify, report, and resolve security violations. Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands. Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.
Required Skills: Per contract requirements candidates must possess an active TS/SCI clearance with the ability to obtain CI Poly. A Bachelors degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement. Security+ certification or equivalent (DoD 8570) if no current IAM Level II certification. 8+ years of experience in cybersecurity or a related field. 2+ years of experience displaying strong knowledge of operating systems (e.g., Windows, Linux). 2+ years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community. 2+ years of experience as a Cyber or Security Analyst for federal information systems. 2+ years of experience with the Federal Risk and Authorization Management Program (FedRAMP).
Minimum Requirements
TCS040, T4, Band 7
Desired Skills: IAT level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH), or ability to obtain certification within six months of hiring. Experience with the Special Access Programs (SAPs) and Intelligence Community (IC). Strong knowledge of cybersecurity principles, tools, and techniques. Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG) Strong familiarity with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications. Quick learner and team player. The ability to adapt in fast paced environments, comfort with ambiguity. Familiarity with cloud technologies, security practices, and agile methodologies. Strong self-organization and self-management skills with emphasis on self-initiation and follow through. Proven written and oral communication skills. Experience in reviewing proposed change requests related to system design/configuration and performing security impact analysis. The ability to work independently. Strong familiarity with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications. Experience with the Federal Risk and Authorization Management Program (FedRAMP).
#techjobs #clearance
EEO Statement
Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. Were proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.
Minimum Salary
$
97,200.00
Maximum Salary
$
164,147.00