Information System Security Officer (ISSO)

Description

The Amivero Team

Amivero’s team of IT professionals delivers digital services that elevate the federal government, whether national security or improved government services. Our human-centered, data-driven approach is focused on truly understanding the environment and the challenge, and reimagining with our customer how outcomes can be achieved.

Our team of technologists leverage modern, agile methods to design and develop equitable, accessible, and innovative data and software services that impact hundreds of millions of people.

As a member of the Amivero team you will use your empathy for a customer’s situation, your passion for service, your energy for solutioning, and your bias towards action to bring modernization to very important, mission-critical, and public service government IT systems.

Special Requirements

• US Citizenship Required to obtain DHS Public Trust
• DHS Public Trust Preferred
• 7 years of related experience

The Gist…

 Our Information System Security Officer (ISSO) plays a vital role in protecting the integrity, confidentiality, and availability of our information systems. As a key member of the security team, the ISSO is responsible for maintaining compliance with federal cybersecurity standards, managing system security plans (SSPs), conducting risk assessments, and overseeing the implementation of security controls. This role ensures that all systems operate securely and in alignment with organizational and regulatory requirements, supporting the broader mission of safeguarding sensitive data and infrastructure. 

What Your Day Might Include…

• Implement Cybersecurity Program strategy
• Apply information security in accordance with National/DHS/CBP directives security policy including, but not limited to, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, DHS 4300A, CBP Handbook 1400-05D
• Assess entire system lifecycle requirements and network security impacts
• Support creation of, and ensure approval for, Department of Homeland Security (DHS) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects
• Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures
• Document DHS RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentation
• Assist government personnel in preparing and presenting Information Assurance Compliance System (IACS) packages to the Control Assessor (SCA) Assess and analyze the current threat environment
• Enhance – Implement Cybersecurity vulnerability/A&A hardening testing
• Optimize – Cybersecurity development environment certification
• Architect & Engineer security – develop security goals, capabilities, controls, and architecture
• Design & Implement security – vulnerability management, build security into development
• Integrate & Test Security – test patches and settings, document A&A artifacts
• Validate & Verify security – validate patch status and software control status
• Implement security – apply patches and security settings, performance incident handling and remediation
• Maintain security posture – audit security settings, track security training, monitor threats, track reaccreditation
• Enable assurance for information security during all phases of agile software development and deployment
• Continuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depth
• Identify, assess, and recommend zero-day cyber threat remediation
• Address Cybersecurity issues to help maintain Continuity of Operations Plans (COOP)
• Perform information security vulnerability testing and mitigate any nonconformance
• Supports reviews and audits of continuous system monitoring and contingency planning. Updates associated documentation as needed
• Create and manage Plan of Action & Milestones (POA&M)
• Implement and validate Security Technical Implementation Guide (STIG) requirements for all development and implementation projects
• Understand and assist developers with static code analysis processes
• Report and help investigate security-related incidents and security violations as requested by the Computer Security Incident Response Center (CSIRC)
• Monitor and inspect for approved software usage and implementation of approved antivirus and other security related software
• Develop and maintain security training programs are developed and maintained

Requirements

You’ll Bring These Qualifications…

• Must be a U.S. Citizen to obtain DHS Public Trust clearance
• College degree (B.S., M.S.) in Information Assurance, Computer Science, Information Management Systems or a related discipline
• Demonstrated knowledge DHS 4300A, “Sensitive Systems Handbook”, and CBP Handbook 1400-05D, “Information Systems Security Policies and Procedures Handbook”
• Demonstrated knowledge of NIST Information Technology Security Special Publications (SP) 800 series, with emphasis on NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems” and NIST SP 800-53A, “Guide for Assessing the Security Controls in Federal Information Systems”
• Professional Experience: 7 years related technical experience
• Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement
• Working knowledge of Federal Information Security Management Act (FISMA) reporting requirements and processes
• Ability to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideas
• Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulness
• Experience with continuous integration tools and environments
• Experience with scripting languages like Perl, VBScript, Ruby, etc.
• Experience with Computer Network Defense (CND) processes, procedures, and tools
• Acting independently to expose and resolve problems
• Demonstrated experience with HP Fortify Software Security Center
• Demonstrated experience with Assured Compliance Assessment Solution (ACAS)/Tenable Nessus Vulnerability Scanner
• Demonstrated experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage
• Demonstrated familiarity and experience with Firewalls, Intrusion Prevention Systems, WebGateways, and/or enterprise Antivirus software technologies
• Demonstrated experience using IACS
• Demonstrated ability to identify and manage risk
• Certifications Preferred: minimum Security CE or equivalent, CISSP or CASP preferred

EOE/M/F/VET/DISABLED

All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Amivero complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.