NXTKEY CORPORATION
Information System Security Officer / ISSO
NXTKEY CORPORATION, Washington, District of Columbia, US, 20022
Full-time

NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes. To support our customers' needs, we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management and Business Process Services and Solutions.

Information System Security Officer / ISSO duties include:

• Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
• Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
• Evaluation of the assigned information systems’ security control compliance with the federal requirements and the client’s monitoring strategy
• Management of emerging and defined risks associated with the administration and use of assigned information systems
• Coordination with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO)
• Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package
• Performing annual assessments to ensure compliance with the client’s policies and standards
• Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented
• Ensuring information system security requirements are addressed during all phases of the information systems lifecycle
• Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance with DOJ and component policies
• Generate and interpret documentation needed to address the items detailed within the GRC tool
• Work within a team environment to provide technically sound guidance in order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy
• Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required
• Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s information system monitoring strategy
• Support the integration/testing, operations, and maintenance of systems security
• Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions
• Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures
• Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities
• Provides system operation support, administers hardware and software inventory

Required Skills

• B.A. or B.S. in Computer Science or a related field
• System authorizations and configuration management
• Experience creating or modifying information security documentation
• Experience testing and documenting information security controls (NIST SP 800-53)
• Active Public Trust clearance, adjudicated within the past 5 years.
• Must have worked on US Federal Government Projects.