NXTKEY CORPORATION

Information System Security Officer / ISSO

NXTKEY CORPORATION, Washington, District of Columbia, US, 20022



Full-time

NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes. To support our customers' needs, we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management, and Business Process Services and Solutions.

Information System Security Officer / ISSO duties include:

- Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
- Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm, and other scan applications.
- Evaluate the assigned information systems’ security control compliance with federal requirements and the client’s monitoring strategy.
- Manage emerging and defined risks associated with the administration and use of assigned information systems.
- Coordinate with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO).
- Ensure systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package.
- Perform annual assessments to ensure compliance with the client’s policies and standards.
- Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented.
- Ensure information system security requirements are addressed during all phases of the information systems lifecycle.
- Establish audit trails, ensure their review, and make them available while retaining audit logs in accordance with DOJ and component policies.
- Generate and interpret documentation needed to address the items detailed within the GRC tool.
- Work within a team environment to provide technically sound guidance to adhere to cybersecurity industry best practices and the client’s monitoring strategy.
- Analyze collected information to identify vulnerabilities and potential exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required.
- Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s information system monitoring strategy.
- Support the integration/testing, operations, and maintenance of systems security.
- Develop, update, and maintain internal Standard Operating Procedures for all internal assigned functions.
- Align business processes and information technology strategy with the conditions and circumstances of the functional environment and establish effective performance measures.
- Contribute to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities.
- Provide system operation support, administer hardware and software inventory.

Required Skills:

- B.A. or B.S. in Computer Science or a related field.
- System authorizations and configuration management.
- Experience creating or modifying information security documentation.
- Experience testing and documenting information security controls (NIST SP 800-53).
- Active Public Trust clearance, adjudicated within the past 5 years.
- Must have worked on US Federal Government Projects.
