Position Summary:
Location: Washington, DC
Job Requirements:
The Information Systems Security Officer (ISSO) will provide Security Certification and Accreditation (SC&A) support for moderate and low baseline IT systems, consisting of data center hosted systems, FedRAMP and non-FedRAMP cloud applications, and hosted systems, and will serve as the liaison between business functions/system representatives and the IT Security team.
Responsibilities:
- Provides expertise and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 (Guide for Applying the Risk Management Framework to Federal Information Systems, latest version), NIST SP 800-53 (current revision), Recommended Security Controls for Federal Information Systems, and NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls, in support of the customer's Information Assurance (IA) program in the implementation and deployment of major IT projects that support core mission capabilities of the customer and offices
- Provides support to the Deputy Chief Information Officer (CIO) for Technology and Resiliency and Chief Information Security Officer (CISO), Information Assurance (IA) program and provides IT Security expertise enabling the organization to implement, maintain, and improve an RMF methodology that meets the requirements of the Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources
- Performs and/or assists in internal self-assessments and audits of IT systems to ensure compliance with mandated annual A-123 reporting, OIG, and GAO requirements
- Develops, updates, and maintains IT security standard operating procedures (SOPs) and management directives to support the Information Technology Center (ITC), the Network Security Operations Center (NSOC), and the broader organization community
- Updates current or creates new Security Certification and Accreditation (SC&A) packages that conform to NIST Special Publication 800-18 (Guide for Developing Security Plans for Information Technology Systems) for each of the IT systems in the system portfolio, working with the CISO, FACM, developers, and system owners
- Updates security plans for each application in the system portfolio (Xacta) in accordance with the RMF schedule, working with the CISO, FACM, developers, and system owners
- Assists system owners and stakeholders by facilitating meetings to perform Privacy Threshold Assessments (PTA) in accordance with the customer's Information Assurance (IA) program policies and NIST guidance
- Assists with application security testing services for each IT system that requires an initial ATO, or an ATO that must be updated during the SC&A process, as part of the review and determination of the implementation of security controls in all IT systems
- Prepares and submits to the CISO the final SC&A packages, including the ATO Briefing to the system owner and the ATO letter, in accordance with established procedures
- Documents and remediates Plan of Action and Milestones (POA&Ms), working with the CISO, FACM, developers, and system owners of applications
- Provides support for the implementation of the Continuous Monitoring process and conducts/documents continuous monitoring of IT systems
- Assists system owners and stakeholders through the creation, analysis, modification, monitoring, and tracking of system POA&Ms within Xacta, provided by the customer, in accordance with Information Assurance (IA) program policies
- Provides system support as a team member of the International Organization for Standardization (ISO) incident response team and assists in the performance of activities related to the Federal Network Security (FNS) incident response process
- Conducts, tracks, and documents required security training; and develops, updates, and maintains standard operating procedures (SOPs) and management directives to support the Information Technology Center (ITC), the Network Security Operations Center (NSOC), and the broader community
Qualifications / Experience / Education:
- Bachelor's degree or higher in Computer Science, Information Technology, Information Security, or a similar field
- Public Trust Clearance
- Minimum of five (5) years of experience
- At least one (1) active certification relating to information security, such as:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Authorization Professional (CAP)
  - GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
  - Certified Ethical Hacker (C|EH)
  - CompTIA Security+
Apply: Please send a cover letter and resume along with your salary requirements to resumes@nucrest.com.
Nucrest is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.