Information Systems Security Officer – Senior

General Information
Country: USA
City: unknown
Employer: ECS
Field: Product & Operations
Contract type: Full-Time
Salary: from USD

Job Description

ECS is seeking an Information Systems Security Officer – Senior to work remotely.

ECS is looking for an experienced Information Systems Security Officer (ISSO) to join our team supporting multiple platforms to attain and/or maintain their ATOs. The ISSO will be critical in protecting our DHS customers’ information systems and ensuring compliance with federal cybersecurity regulations and policies. The ideal candidate will have a strong background in federal cybersecurity, with at least five years of hands-on experience developing, documenting, and managing Authorization to Operate (ATO) packages for federal information systems.

Responsibilities 

  • Develop, prepare, and update RMF authorization packages and security documents in accordance with NIST SP 800-53 Rev. 4/5, particularly those associated with NIST’s Risk Management Framework and FedRAMP. 
  • Apply extensive knowledge of a variety of cybersecurity concepts, practices, and procedures to ensure the secure integration and operation of all systems.
  • Manage the Authorization to Operate (ATO) process throughout the system lifecycle, including initial authorization, reauthorization, and continuous monitoring activities. 
  • Conduct security assessments and information system security oversight activities, identifying potential security weaknesses and recommending improvements. 
  • Develop and maintain critical security documentation, such as System Security Plans (SSP), Contingency Plans (CP), Privacy Impact Assessments (PIA), and Plan of Action and Milestones (POA&M). 
  • Serve as the primary point of contact for government clients and stakeholders on cybersecurity and compliance matters. 
  • Coordinate with system owners, developers, engineers, and other stakeholders to implement security controls and ensure compliance with security requirements. 
  • Manage POA&Ms, tracking remediation efforts and escalating risks as necessary. 
  • Ensure the collection, review, and documentation of audit records, using financial audit standards, classified system IA requirements and Privacy Act requirements, analyzing anomalies and ensuring proper remediation.
  • Monitor system security configurations, audit logs, and patch management for compliance and threat detection. 
  • Vulnerability scanning execution, assessment, and analysis
  • Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
  • Stay abreast of evolving security and risk management standards, including NIST, DoD, FISMA, and FIPS guidelines, and apply relevant changes to existing processes.
  • Provide configuration management recommendations for security software, hardware, and firmware. 
  • Support incident response efforts and forensics investigations. 
  • Provide input to cybersecurity policy and process development and support user training and awareness initiatives.

Salary Range: $145,000 – $145,000

General Description of Benefits

Qualifications

  • Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or a related field. 
  • No Degree: 10 years of Cybersecurity & FISMA experience 
  • Bachelor’s Degree: 8 years of Cybersecurity & FISMA experience 
  • Master’s degree: 6 years of Cybersecurity & FISMA experience 
  • Proficient in the Risk Management Framework (RMF) and all associated tools (e.g., eMASS, Xacta, ACAS, Splunk, DISA STIGs, SCAP, STIG Viewer). 
  • Experience with cloud security requirements and compliance in federal environments (e.g., FedRAMP, AWS, Azure).
  • Strong understanding of federal cybersecurity policies, regulations, and guidelines, such as NIST 800-53 Rev. 4/5, FISMA, and DoD directives. 
  • Professional security certification such as CISSP, CISM, CompTIA Security+ CE, SSCP, CEH, CASP, CISA or higher, in compliance with DoD 8140 requirements. 
  • Experience interpreting vulnerability scans (e.g., ACAS, Tenable Nessus, SCAP) and developing remediation plans. 
  • Excellent written and verbal communication skills, including the ability to present complex technical information to diverse audiences. 
  • Demonstrated ability to work independently and collaboratively in a fast-paced, deadline-driven environment.
  • Outstanding problem solving and analytical skills, including ability to create clear observations, analysis and conclusions based on customer interviews and data. 
  • Minimum Education: Possesses one of the following professional security certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM) 
    • Certified Ethical Hacker (CEH)
    • CompTIA Advanced Security Practitioner (CASP)
    • Systems Security Certified Practitioner (SSCP)
    • Certified Information Systems Auditor (CISA)
    • Similar security professional certifications must be approved by the Federal PM 

 

Applicant Qualifications
unknown

Contact

» To the provider

Found on: Jobicy.com