Senior Information Systems Security Officer (ISSO)

Job Title: Senior Information Systems Security Officer (ISSO) 5 openings

Location: Arlington, Virginia (5 days onsite)

Clearance Level: DoD Top Secret Clearance

Duration: 12-month contract to hire

Top Skills:

Top Secret clearance

5 days a week on site in Arlington, VA

Deep experience in NIST 800-53 controls, specifically CM-4

At least 12 years of experience

Responsibilities

• Provide oversight for assigned network(s) by working with operation's staff to ensure compliance per STIGs and IAVM.
• Perform ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and DoD Policy.
• Develops, reviews, evaluates and verifies results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS), Cloud, Tactical, etc., within the program's portfolio.
• This role requires being onsite five days a week during the initial training period of approximately two months. Telework is then allowed one day per week.
• Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800?53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO).
• Ensuring that Stakeholders adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System's Authority to Operate (ATO) under The Federal Information Security Management Act (FISMA) of 2002.
• Lead RMF A&A efforts including: activities within the A&A cycle and outside of the ISSO functions, work directly with ISSM, ISO, and AO, work with engineering and operations support staff to secure systems and ensure compliance, and provide oversight for existing and new POAMs.
• Provided POAM support by advising CISO/AO of changes and assisting in the coordination of efforts to remediate deficiencies and vulnerabilities.
• Responsible for performing ConMon reviews for daily, weekly, monthly and quarterly checks.
• Assist with IR activities providing by verifying sanitation procedures are followed prior to submitting the CART Case to the CISO for closure.
• Work with the Security Tools Team to identity Critical / High vulnerabilities for remediation and report network security posture at weekly CISO/AO meeting.
• Skills and Experience
• Experience with DODI 8510.01, 8500.01, NIST SP 800-37, 800-137, 800-53 rev 4/5, 800-39, 800-171 and 800-171A for self-assessments; NIST 800-100, NIST 800-18.
• Familiar with creating Assessment and Authorization (A&A) packages in eMASS and/or Xacta and applying security categorization per the NIST FIPS 199 and NIST SP 800-60.
• Experience in performing and assessing Security and Privacy Controls per NIST 800-53 rev 4/5 and NIST 800-53a guidelines.
• Experience with systems engineering design and development toward a "baked-in" security design using Information Assurance best practices.
• Understanding of the FedRAMP process, coordinating with 3PAO's, and migrating on prem systems to an accredited cloud-based solution (e.g. AWS (GovCloud), Azure).
• Understanding of vulnerability and scanning tools such as Assured Compliance Assessment Solution (ACAS) and well-versed in interpreting risk posture resulting from assessment reports.
• Knowledge of vulnerability management, risk management, project management, proficient with Microsoft products - Word, Excel, PowerPoint.
• Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
• Experience with Tenable's Nessus and/or Security Center, or Network Mapper is a plus.
• Risk assessment experience, especially with NIST SP 800-53 Threat identification, system security categorization, gap analysis, and compliance reporting.
• Must be able to validate security patches as they align to NIST guidelines, client policies and procedures, and OMB Mandates.
• Experience with creating or maintaining security artifacts as part of the ATO package including but not limited to; System Security Plan (SSP), Contingency Plans (CP), Disaster Recovery Plans (DRP), Plan of Action and Milestone (POA&M), Incident Response (IR), and other security documentation.

Qualifications

• Bachelor's degree; or can be substituted for Associate's degree with 5 years relevant experience, or 10 years relevant experience.
• 12 years relevant experience.
• DoD Top Secret Clearance is required.
• IAT Level II Certification minimum.

Thanks and Regards,

Murali Sharma

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.