Information Security System Officer (ISSO)
Key Words: CISSP, Nessus, Security Center 5, Webinspect, DB Protect, Fortify, Appscan, Nipper, Burp Suite Pro, WebSphere, ActiveState Perl, Aquafold, SoapUI Pro, Ultraedit, SNSScan, SolarWinds Engineer’s Toolset, Fortify, RSA Archer, Swimlane, XACTA Continuum
Remote opportunity while the individual need to be onsite in Bethesda, MD on Wednesday.
The selected candidate shall provide Information System Security Officer (ISSO) and Acting Information Security Officer (AISSO) support to designated federal ISSOs to ensure customer systems maintain their Authority to Operate (ATO) with a security posture in accordance with DHS 4300A Rev 4 and NIST SP 800-53A Rev4 guidance. This support shall include providing IT security assessment and IT security audit functions to ensure FISMA compliance, support in developing and maintaining documentation in support of Certification & Accreditation (C&A) as required by the Federal Information Security Management Act (FISMA); ensuring all C&A and system security documentation (Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, e-Authentication, FIPS-199, Business Impact Analysis) is kept up to date or create C&A documentation when needed; and ensuring systems meet all security requirements mandated by DHS 4300A and DHS Management Directives.
- Follow the Information Systems Security Officer (ISSO) Guide, V10, when developing, updating, or reviewing required security artifacts in the Xacta Information Assurance Manager. Ensure proper access controls are implemented for both system access and physical access to data processing facilities
- Create, update and assess compliance of system Authority to Operate (ATO) packages.
- Provide information security expertise to system development teams throughout the System Engineering Lifecycle process.
- Ensure Plan of Action & Milestone (POA&M) and other compliance and vulnerability issues are remediated in a timely fashion.
- Any DoD 8570 approved baseline certifications (e.g. CISSP, CEH, CAP, CISM)
- Ensure proper access controls are implemented for both system access and physical access to data processing facilitie
- Experienced with creating Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, e-Authentication, FIPS-199, Business Impact Analysis
- Provide information security expertise to system development teams throughout the System Engineering Lifecycle process
- Independently manages workload and provides guidance to less experienced staff
- At least five years of experience with FISMA Compliance and the NIST RMF
- Demonstrated expertise in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security, activities related to Ongoing Authorization
- Knowledge of information security best practices, Enterprise Architecture,
- Experience with Xacta IA manager, Nessus Security Center, Splunk, FedRAMP, Data Centers, AWS, and prior DHS experience strongly preferred.
Clearance Required: US Citizen with the ability to obtain Public Trust and complete DHS Security Clearance; Ability to obtain DHS EOD suitability or Current DHS EOD preferred.
Education: Typically requires B.S. degree in computer science, systems engineering, or electrical engineering, or industry equivalent experience required, and minimum of 5 years of related experience in information security.
Location: Bethesda, MD
WINTrio is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.