Position: ISSO I

• Active Secret clearance
• Must be eligible for Top-Secret clearance
• Bachelor’s degree from an accredited college or university or equivalent (documented formal training) in Computer Science, Information Systems Analysis, Science/Technology, Information Management, Information Technology, Computer Engineering and 5 years overall experience with a minimum of 3 years of documented relevant work experience performing any combination of Information SPAA, Cybersecurity, System Administration, or Engineering
• EducationSubstitution:
  • Any combination of certificates such as Microsoft’s MCSE, or Cisco’s CISM, CISA, CSSP, CCNA, CCDA, or CCNP, may be considered equivalent to 2 years of general experience/information technology experience
  • Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II or III may be considered equivalent to 2 years of information security experience.
• 5+ years of relevant experience as ISSO, Security Analyst, Security Engineer, DevSecOps Security, or Cloud Security Engineer/Analyst
• Familiarity with program security responsibilities to include, but not limited to the NIST RMF, audit log reviews, system monitoring, SPAA processes, FISMA requirements, vulnerability & compliance scanning, continuous monitoring activities, security testing and evaluation, and security policies
• Highly specialized knowledge and expertise in one or more vertical disciplines such as law enforcement, anti-terrorism, biological science, banking, transportation, or other such disciplines as required to define/establish the functional or business direction of an enterprise, agency, or inter-agency requirement

Job Duties:

• Evaluation of the assigned Information Systems’ security control compliance with the federal requirements and the client’s monitoring strategy
• Management of emerging and defined risks associated with the administration and use of assigned Information Systems
• Coordination with the client’s Cybersecurity Unit to achieve and maintain the Information Systems’ compliance and authorization to operate (ATO)
• Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package
• Performing annual assessments to ensure compliance with the client’s policies and standards
• Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented
• Ensuring Information System Security requirement are addressed during all phases of Information Systems lifecycle
• Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance with DOJ and component policies
• Generate and interpret documentation needed to address the items detailed within the JCAM
• Work within a team environment to provide technically sound guidance in order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy
• Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required
• Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s Information System monitoring strategy
• Support the integration/testing, operations, and maintenance of systems security
• Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions
• Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures
• Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities
• Provides system operation support, administers hardware and software inventory

Preferred Qualifications:

• Ability to understand the technical impact of what a vulnerability means and explaining to a system owner, administrator, ISSM or CISO. This is necessary to portray the technical impact and risk associated with a vulnerability (CVE, patch, etc.) and translate into a POAM and Risk Based decision recommendation for the CO/AO to action on and make an informed decision. In essence not just proficiency in the (6) steps of RMF from a paperwork or process perspective
• Understanding of how to use or familiarity with the SCAP tool and STIG viewer.
• Understanding RMF Risk Management Framework Guide for Information Systems and organizations. 800-37
• Being able to analyze, implement and assess security controls from and operational, administrative, technical standpoint NIST 800-53 REV 5 Security & Privacy Controls
• Understanding the CIA triangle and processing, storing, and transmitting data in an environment
• A+, Network+, Security+, SSCP, and/or CCNA certifications
• 2 years of experience supporting validated desktop, server, network, systems administration, troubleshooting, implementation security requirements in Microsoft Windows 10, OS imaging, installation, configuring, and support & troubleshooting
• Familiarity with Splunk, Tenable.sc, and/or other system monitoring tools
• General knowledge of networking technologies such as TCP/IP ports, protocols, and services, switching, and routing
• Familiarity with security hardening guides & tools (DISA STIGs/SCAP)
• Willingness to learn modern technologies & take on new projects to grow experience.
• Ability to remain calm and composed under pressure in a high energy, fast paced environment.
• Adaptability to changing business needs.
• Comfort working with minimal daily supervision.
• Ability to balance multiple priorities.
• Working knowledge of Microsoft Office programs
• Cloud experience dealing with Cloud Architectures/Platforms and applications
• Certs such as:
  • AWS Solutions Architect - (Associate/Professional)
  • DevSecOps Engineer - (Associate/Professional)
  • AWS Machine Learning - (Specialty)
  • AWS Cloud Practitioner - (Foundational)
  • AWS Security (Specialty)
  • Azure Solutions Architect
  • Azure Certified Security or Network Engineer (Associate)
  • Azure AI fundamentals
  • Azure Data Fundamentals
  • Azure Data Scientist or Engineer Associate
  • Azure DevSecOps Engineer Expert