Senior Information Systems Security Officer ISSO

Employer Active

1 Vacancy
Job Location

Arlington, TX - USA

Monthly Salary

Not Disclosed


Job Description

Job Title: Senior Information Systems Security Officer (ISSO) 5 openings

Location: Arlington, Virginia (5 days onsite)

Clearance Level: DoD Top Secret Clearance

Duration: 12-month contract to hire

Top Skills:

Top Secret clearance

5 days a week on site in Arlington, VA

Deep experience in NIST 800-53 controls, specifically CM-4

At least 12 years of experience

Responsibilities

  • Provide oversight for assigned network(s) by working with operations staff to ensure compliance per STIGs and IAVM.
  • Perform ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and DoD Policy.
  • Develop, review, evaluate, and verify results to validate that enclave security requirements (in accordance with applicable Intelligence Community, DoD, and Army cybersecurity and Information Assurance (IA) regulations, policies, and organizational security policies) in Information Systems (ISs) are met. ISs include Cross Domain Solution Suites (CDSS), Cloud, Tactical, etc. within the program's portfolio.
  • This role requires being onsite five days a week during the initial training period of approximately two months. Telework is then allowed one day per week.
  • Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using eMASS, XACTA, or another approved A&A tool, to include System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254, and any additional documentation as determined by the Authorizing Official (AO).
  • Ensure that stakeholders adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System's Authority to Operate (ATO) under the Federal Information Security Management Act (FISMA) of 2002.
  • Lead RMF A&A efforts, including: activities within the A&A cycle and outside of the ISSO functions; work directly with the ISSM, ISO, and AO; work with engineering and operations support staff to secure systems and ensure compliance; and provide oversight for existing and new POAMs.
  • Provide POAM support by advising the CISO/AO of changes and assisting in the coordination of efforts to remediate deficiencies and vulnerabilities.
  • Responsible for performing ConMon reviews for daily, weekly, monthly, and quarterly checks.
  • Assist with IR activities by verifying that sanitation procedures are followed prior to submitting the CART Case to the CISO for closure.
  • Work with the Security Tools Team to identify Critical/High vulnerabilities for remediation and report network security posture at the weekly CISO/AO meeting.

Skills and Experience

  • Experience with DODI 8510.01, 8500.01, NIST SP 800-37 3 rev 4/and 800-171A for self-assessments; NIST 800-100, NIST 800-18.
  • Familiar with creating Assessment and Authorization (A&A) packages in eMASS and/or Xacta and applying security categorization per NIST FIPS 199 and NIST SP 800-60.
  • Experience in performing and assessing Security and Privacy Controls per NIST 800-53 rev 4/5 and NIST 800-53A guidelines.
  • Experience with systems engineering design and development toward a baked-in security design using Information Assurance best practices.
  • Understanding of the FedRAMP process, coordinating with 3PAOs, and migrating on-prem systems to an accredited cloud-based solution (e.g. AWS (GovCloud), Azure).
  • Understanding of vulnerability and scanning tools such as Assured Compliance Assessment Solution (ACAS), and well-versed in interpreting risk posture resulting from assessment reports.
  • Knowledge of vulnerability management, risk management, and project management; proficient with Microsoft products (Word, Excel, PowerPoint).
  • Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
  • Experience with Tenable's Nessus and/or Security Center, or Network Mapper, is a plus.
  • Risk assessment experience, especially with NIST SP 800-53, threat identification, system security categorization, gap analysis, and compliance reporting.
  • Must be able to validate security patches as they align to NIST guidelines, client policies and procedures, and OMB mandates.
  • Experience with creating or maintaining security artifacts as part of the ATO package, including but not limited to: System Security Plan (SSP), Contingency Plans (CP), Disaster Recovery Plans (DRP), Plan of Action and Milestone (POA&M), Incident Response (IR), and other security documentation.

Qualifications

  • Bachelor's degree; can be substituted with an Associate's degree with 5 years relevant experience, or 10 years relevant experience.
  • 12 years relevant experience.
  • DoD Top Secret Clearance is required.
  • IAT Level II Certification minimum.

Thanks and Regards

Murali Sharma

202.828.3494

Employment Type

Full Time
