Fusion Innovation
Information System Security Officer
Fusion Innovation, Chantilly, Virginia, United States, 22021
Job Description
Position/Title:
Systems Engineer, Senior - Information System Security Officer (ISSO)
Task Order:
Pinnacle TO1 - Extended PoP -
25 October 2024
Systems Engineer, Senior - Information System Security Officer (ISSO)
Facilitates "Assessment & Authorization" ("A&A") of internally developed applications and systems by leveraging customer "A&A" tools and applying applicable organizational and Intelligence Community (IC) policies to achieve desired "Authorization to Operate" (ATO) status.
Serve as an advisor to the system owner and project team regarding security implications of their system development.
Register system to the organizational "A&A" toolIdentify system security boundaryCalculate Confidentiality, Integrity, and Availability values for the systemCalculate Overlay Values, if any, for the systemDetermine applicable system layers (i.e., Application, Service, Data-store, Operating System, hardware, and/or Network)Address applicable security controls by gathering or generating associated artifacts (i.e., bodies of evidence)
Assist in the evaluation of security solutions to ensure they meet applicable security controls for processing classified information.
Work with system owner and project team to implement mitigation strategies for controls.Formulate appropriate Plan of Action(s) and Milestone(s) (POAMs) or Risk Acceptance (RA) justification to mitigate/address affected security controls.Conduct monthly Rapid7 scans to ascertain vulnerabilities and to implement mitigation strategies (e.g., patching, software updates, CVE's, etc.). Ensure remediation actions based on the scan results, POAMs, and Risk Assessments are implemented.Upload scan results to customer "A&A" tool repository.
Work with appropriate organizational "External Partners" that have a stake in the system's cyber security posture to provide them with applicable documentation (e.g., Contingency Plan, System Dependencies, Configuration Management).Work with appropriate ISSM's and Assessors to arrange for TEMs to obtain system security guidance/clarification.
Solid knowledge of IC-Directive 503 (ICD-503) Risk Management Framework (RMF) to step through its respective stages.Solid knowledge of Committee on National Security Systems Instruction 1253 (CNNSI 1253) security controls.
Position/Title:
Systems Engineer, Senior - Information System Security Officer (ISSO)
Task Order:
Pinnacle TO1 - Extended PoP -
25 October 2024
Systems Engineer, Senior - Information System Security Officer (ISSO)
Facilitates "Assessment & Authorization" ("A&A") of internally developed applications and systems by leveraging customer "A&A" tools and applying applicable organizational and Intelligence Community (IC) policies to achieve desired "Authorization to Operate" (ATO) status.
Serve as an advisor to the system owner and project team regarding security implications of their system development.
Register system to the organizational "A&A" toolIdentify system security boundaryCalculate Confidentiality, Integrity, and Availability values for the systemCalculate Overlay Values, if any, for the systemDetermine applicable system layers (i.e., Application, Service, Data-store, Operating System, hardware, and/or Network)Address applicable security controls by gathering or generating associated artifacts (i.e., bodies of evidence)
Assist in the evaluation of security solutions to ensure they meet applicable security controls for processing classified information.
Work with system owner and project team to implement mitigation strategies for controls.Formulate appropriate Plan of Action(s) and Milestone(s) (POAMs) or Risk Acceptance (RA) justification to mitigate/address affected security controls.Conduct monthly Rapid7 scans to ascertain vulnerabilities and to implement mitigation strategies (e.g., patching, software updates, CVE's, etc.). Ensure remediation actions based on the scan results, POAMs, and Risk Assessments are implemented.Upload scan results to customer "A&A" tool repository.
Work with appropriate organizational "External Partners" that have a stake in the system's cyber security posture to provide them with applicable documentation (e.g., Contingency Plan, System Dependencies, Configuration Management).Work with appropriate ISSM's and Assessors to arrange for TEMs to obtain system security guidance/clarification.
Solid knowledge of IC-Directive 503 (ICD-503) Risk Management Framework (RMF) to step through its respective stages.Solid knowledge of Committee on National Security Systems Instruction 1253 (CNNSI 1253) security controls.