The selected candidate shall provide Information System Security Officer (ISSO) and Acting Information Security Officer (AISSO) support to designated federal ISSOs to ensure customer systems maintain their Authority to Operate (ATO) with a security posture in accordance with DHS 4300A Rev 4 and NIST SP 800-53A Rev4 guidance. This support shall include providing IT security assessment and IT security audit functions to ensure FISMA compliance, support in developing and maintaining documentation in support of Certification & Accreditation (C&A) as required by the Federal Information Security Management Act (FISMA); ensuring all C&A and system security documentation (Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, e-Authentication, FIPS-199, Business Impact Analysis) is kept up to date or create C&A documentation when needed; and ensuring systems meet all security requirements mandated by DHS 4300A and DHS Management Directives.
Follow the Information Systems Security Officer (ISSO) Guide, V10, when developing, updating, or reviewing required security artifacts in the Xacta Information Assurance Manager. Ensure proper access controls are implemented for both system access and physical access to data processing facilities
Create, update and assess compliance of system Authority to Operate (ATO) packages.
Provide information security expertise to system development teams throughout the System Engineering Lifecycle process.
Ensure Plan of Action & Milestone (POA&M) and other compliance and vulnerability issues are remediated in a timely fashion.
Any DoD 8570 approved baseline certifications (e.g. CISSP, CEH, CAP, CISM)
Ensure proper access controls are implemented for both system access and physical access to data processing facilities
Experienced with creating Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, e-Authentication, FIPS-199, Business Impact Analysis
Provide information security expertise to system development teams throughout the System Engineering Lifecycle process
Independently manages workload and provides guidance to less experienced staff
At least five years of experience with FISMA Compliance and the NIST RMF
Demonstrated expertise in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security, activities related to Ongoing Authorization
Knowledge of information security best practices, Enterprise Architecture,
Experience with Xacta IA manager, Nessus Security Center, Splunk, FedRAMP, Data Centers, AWS, and prior DHS experience strongly preferred.
Clearance Required: US Citizen with the ability to obtain Public Trust and complete DHS Security Clearance; Ability to obtain DHS EOD suitability or Current DHS EOD preferred.
Education: Typically requires B.S. degree in computer science, systems engineering, or electrical engineering, or industry equivalent experience required, and minimum of 5 years of related experience in information security.