Sr. ISSO (Information System Security Officer)
We are looking for a Sr. ISSO (Information System Security Officer) to join our team in Reston, VA.
Sharp Solutions Inc is seeking a Sr. Information System Security Officer (ISSO) to support multiple federal agencies through the Continuous Diagnostics & Mitigation (CDM) Program. The CDM Program is a high-profile, high-visibility cybersecurity modernization and risk management program where you can contribute innovative solutions and consult with many different federal agencies to enhance their Information Assurance (IA) programs and continuous monitoring capabilities.
Responsibilities will include:
- Perform all key functions for the facilitation, execution, and reporting of all system security externally with Federal Agencies
- Support creation of contract deliverables and system security related project artifacts
- Provide consulting to Agencies on Requests for Service for the design, development, and deployment of Ongoing Assessment, Ongoing Authorization, and other Information Assurance (IA) initiatives
- Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide increased visibility to system owners on impacts to the security posture of systems
- Ensure system security measures comply with applicable government policies
- Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system
- Ensure that system security requirements are addressed throughout the project and system lifecycle
- Ensure effective controls and processes are in place and working effectively to maintain a strong system security posture
- Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities
- Develop, maintain, and facilitate the appropriate closure of POA&Ms and facilitate with the Agency-designated security Point of Contact (POC)/ISSO any related remediation activities
- Understand and monitor operations processes, including but not limited to, the Incident Response Process and Communications Process, to ensure that they are followed properly at Agencies for applicable CDM solutions and tools
- Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate
Basic Qualifications and Education/Certification Requirements:
- Bachelor’s degree in Information Technology or Information Security
- 7+ years demonstrated InfoSec experience specializing in NIST RMF
- DoD 8570 approved baseline certification(s) (i.e., CISSP, CISM) preferred
- Experience with DHS Ongoing Authorization Program Framework and use cases preferred
- Experience with DHS Continuous Diagnostics and Mitigation (CDM) a plus
- Experience with AWS Cloud, Azure Cloud, or Cloud implementations and environments
- Extensive knowledge and experience with information security standards, policies, and practices – NIST SP 800-53 rev4, SP 800-37 rev2, FIPS-199, DHS 4300A.
- Demonstrated experience writing information system security documentation (System Security Plans (SSP), Plans of Action and Milestones (POA&Ms), PTAs, PIAs, CMPs, CPs, and IRPs).
- Experience using vulnerability assessment tools (Nessus, AppDetective, etc.), analyzing and interpreting assessment results.
- Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/written reports) to all levels of management
- Ability to research and address information security issues as required as an authority on the subject.
- FedRAMP experience a plus
- Strong understanding of infrastructure technologies and functionalities (e.g., firewalls, Windows/Linux servers, Active Directory (AD), Splunk, SolarWinds, CyberArk, etc.)
- Effective oral and written communication skills with customer, technical, and senior management personnel
- Must possess a self-starter mentality and be an effective problem-solver
- Exceptional organizational and multi-tasking skills
Security Clearance Requirements:
- Demonstrated DHS specific InfoSec experience specializing in NIST RMF
- ITIL certification
- Extensive experience with Jira, ServiceNow and SharePoint
- Experience with program evaluation and redesign
- Experience with configuration, requirements, incident, and problem management
- Office work, typically sedentary with some movement around the office
SSi is an equal opportunity employer regardless of race, color, religion, creed, sex, marital status, national origin, disability, age, veteran status, on-the-job injury, sexual orientation, political affiliation or belief. Employment decisions are made without consideration of these or any other factors that employers are prohibited by law from considering. Any discriminatory action can be a cause for disciplinary action. SSi also prohibits discrimination against individuals with disabilities and will reasonably accommodate applicants with a disability, upon request, and will also ensure reasonable accommodation for employees with a disability. Veterans are encouraged to apply.