Duties and Responsibilities:
The selected candidate shall provide support to the designated Information System Security Officer (ISSO) to ensure customer systems maintain their Authority to Operate (ATO) with a security posture in accordance with DHS 4300A and NIST SP guidance.
This support shall include providing IT security assessment and IT security audit functions to ensure FISMA compliance, support in developing and maintaining documentation in support of Certification & Accreditation (C&A) as required by the Federal Information Security Management Act (FISMA); ensuring all C&A and system security documentation is kept up to date; and ensuring systems meet all security requirements mandated by DHS 4300A and DHS Management Directives.
Follow the Information Systems Security Officer (ISSO) Guide, V10, when developing, updating, or reviewing required security artifacts in the Xacta Information Assurance Manager.
Implementing Intrusion Detection Systems, Public Key Infrastructure, and preparing security related documentation for all phases of Security Life Cycle Management.
Ensure proper access controls are implemented for both system access and physical access to data processing facilities
Create, update and assess compliance of system Authority to Operate (ATO) packages.
Provide information security expertise to system development teams throughout the System Engineering Lifecycle process.
Ensure Plan of Action & Milestone (POA&M) reports are maintained and that security vulnerabilities are tracked and remediated.
Ability to obtain DHS EOD suitability or Current DHS EOD preferred.
Education and Experience:
Typically requires B.S. degree and minimum of 7 years of related experience in information security
Five years' experience with security programs, policy development, security life cycle management, and security risk assessment.
Any DoD 8570 approved baseline certifications (e.g. CISSP, CEH, CAP, CISM)
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and seven years related experience.