Company:
Illuminate Mission Solutions
Location: Sterling
Closing Date: 04/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Overview
The Information Systems Security Officer (ISSO) manages all aspects of an organization's information security system, for classified and unclassified systems, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches. The ISSO drives Authority to Operate (ATO) and/or Authority to Proceed (ATP) efforts and makes independent recommendations to the customer during the process. ISSOs understand and execute the Risk Management Framework process. The ISSO conduct risk analyses and writes documents including Plan of Action and Milestones, System Security Plans, System Specific Policies and Procedures, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
Responsibilities
Required Knowledge, Skills, and Abilities:
Equal employment opportunity employer:
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Illuminate is committed to providing veteran employment opportunities to our service men and women.
The Information Systems Security Officer (ISSO) manages all aspects of an organization's information security system, for classified and unclassified systems, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches. The ISSO drives Authority to Operate (ATO) and/or Authority to Proceed (ATP) efforts and makes independent recommendations to the customer during the process. ISSOs understand and execute the Risk Management Framework process. The ISSO conduct risk analyses and writes documents including Plan of Action and Milestones, System Security Plans, System Specific Policies and Procedures, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
Responsibilities
- Manages all aspects of an organization's information security system, for classified and unclassified systems, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches.
- Applies Risk Management Framework (RMF), conducts risk analysis, and produces risk assessments.
- Spearheading Authority to Operate (ATO) and/or Authority to Proceed (ATP) efforts while making independent recommendations to Government Leads during these processes.
- Conducts risk analysis from vulnerability and compliance scans, pen testing results, or other audit activity.
- Creates written works to including Plan of Action and Milestones, System Security Plans, System Specific Policies and Procedures, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
- Participates in Agile Planning Events to provide technical input.
Required Knowledge, Skills, and Abilities:
- Understands the Risk Management Framework (RMF), and how risk management is executed, what risk means, and how to analyze it.
- Knowledgeable on one or more cloud computing services and technologies including but not limited to: AWS, Microsoft Azure, VMware, etc.
- Able to clearly and concisely articulate true and accurate status updates on government IT systems security posture, and overall system health to the customer.
- Must have a current SECRET clearance AND be clearable to TS/SCI.
- Bachelor's degree in a technical discipline and seven (7) years relevant experience OR a total of 10 years' relevant experience
- Executing the NIST Risk Management Framework (RMF) and applying security practices found in NIST publications. (i.e. SP 800-53, SP 800-30, SP 800-60, FIPS 199, FIPS 140-2, etc.)
- Documenting System Security Plans to include security control implementation statements.
- Conducting periodic reviews of implementation statements to ensure persistent compliance with applicable government and agency level policies in addition to ISO and NIST standards.
- Validating implementation of security controls within a cloud environment (AWS or Azure).
- Supporting the security assessment and authorization or ATO process
- Supporting the security assessment and authorization (or ATO) process.
- Analyzing testing results from scans, audits, penetration tests, or other test efforts to determine risk levels.
- Conducting Continuous Monitoring and maintaining the security posture of IT systems within on-prem, cloud, and hybrid environments.
- Familiar with the Microsoft Office 365 Suite. (i.e. Word, PowerPoint, SharePoint, Excel, etc.)
- Cyber program experience within federal customer space
- Familiar with Scaled Agile Frameworks (SAFe), agile development principles, and DevSecOps methodologies
- Have managed vulnerabilities on virtualized IT systems and assets or virtual machines (i.e. VDI and VMware.)
- SAFe Agile tool experience (e.g., Jira, Jira Align, or ServiceNow)
- P ossess CISSP, CCSP, AWS, MS Azure, CISA, CAP, or SAFe 6
Equal employment opportunity employer:
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Illuminate is committed to providing veteran employment opportunities to our service men and women.
Share this job
Illuminate Mission Solutions