What are the responsibilities and job description for the Senior ISSO - TS/SCI CI Poly position at cFocus Software Incorporated?
cFocus Software is seeking a Senior ISSO to join our program located in Washington, DC / JBAB. This position requires an Active TS/SCI CI Poly.
Job Description:
Job Description:
- Lead the RMF process for assigned Cross Domain appliances withing DIA Enterprise networks.
- Maintain and report system’s Assessment & Authorization (A&A) status and events.
- Manage the System Security Plan (SSP) for assigned Cross Domain systems throughout their lifecycle.
- Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
- Ability to understand Service Central to monitor project requests required to initiate new change requests.
- Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved.
- Assist with identification of the security control baseline set and any applicable overlays.
- Ability to communicate relevant changes to the Security Control Assessor (SCA)
- Assemble the Security Authorization Package and submit for adjudication.
- Register and maintain the system in XACTA.
- Plan and perform cybersecurity testing to assess security controls and recording security control compliance status during sustainment.
- Report changes in the security posture of systems to the Authorizing Official (AO).
- Utilize the Collaboration Board in XACTA workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
- Assist the ISSMs in executing their duties and responsibilities.
- Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access.
- Ensure an incident response, business continuity, disaster recovery, as well as vulnerability and threat reporting plans and channels are in place and that team members are trained accordingly.
- Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals.
- Utilize the Collaboration Board in the XACTA workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
- TS/SCI w Counter Intelligence Polygraph required
- Must meet DoD 8570/8140 Certifications (i.e. IAM Level II/III or IAT II/III).
- Well versed with using vulnerability assessment tools (ACAS, NESSUS, etc.) and analyzing the results generated from these assessments.
- Demonstrated experience writing information system security control documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).
- Knowledge of Risk Management Framework (RMF) information security engineering, design concepts and principles.
- Support annual assessments in accordance with guidance in the DIA Enterprise standards.
- Basic understanding of VMware.
- Ability to use MS Office, Analytical and Critical Thinking Skills,
- Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates;
- Respond to emerging requirements or policies as set by legislation, regulation or policy;
- Experience supporting systems hosted in Cloud environments.
- Conduct Contingency Plan tests at least annually and updating the plan;
- Maintain knowledge of inventory in accreditation boundary;
- Oral and written communication skills;
- Interpersonal and People Skills.
