Position: Mid-level ISSO
Location: Remote out of Greater Washington, D.C.
Employment Type: 6-month CTH+ (guaranteed conversion at 6 mos)
Conversion Salary: $130k
Role Overview: Our Federal Services partner is looking for a mid-level Information System Security Officer (ISSO) to join their active Federal contract. As an ISSO, you will be responsible for researching, developing, implementing, testing and reviewing organization's information security to protect information and prevent unauthorized access.
Requirements:
- Minimum 3-5 years of Cybersecurity / Information Security experience
- General knowledge of infrastructure devices (i.e. firewalls, routers, switches.)
- DHS experience is highly preferred
- Security+ Certification
- Working knowledge and experience with CSAM and the NIST RMF.
- Knowledge of the process to obtain a system ATO and requirements to maintain the ATO.
- Experience working with system stakeholders to assess and manage system cybersecurity risk
- Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations.
- Ability to write clear, concise and effective security control implementation statements
- Familiarity with configuration settings and vulnerability management analysis of infrastructure devices.
- Ability to draft a complete ATO package, to include the SSP.
- Ability to work independently and within given timelines.
Responsibilities:
- Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2.
- Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s).
- Continuously update all Security Authorization documentation to maintain assigned system’s ATO or system go live dates.
- Select the baseline security controls for the IT system, using CSAM, and tailor where appropriate.
- Document all relevant NIST 800-53 Security Controls for assigned IT systems in the System Security Plan (SSP).
- Perform and document initial and annual risk self-assessments of all systems assigned
- Develop and document all supporting Security A&A artifacts (i.e., PTA, SSP, ITCP, BIA, CMP, MOU, ISA).
- Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO).
- Track the deployment of software to the environment that is not part of the base image.
- Conduct security impact analyses of proposed changes, provide recommendations.
- Ability to analyze configuration settings, implementation of STIGs, and conducting manual checklists.
- Generate Plan of Actions & Milestones (POA&Ms), with meaningful milestones, for each non-compliant control for assigned IT Systems.
About EEG: Eight Eleven Group (Brooksource) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.