SENIOR ISSO / ISSE
SENIOR ISSO / ISSE
Candidate MUST HAVE a TS/SCI and Polygraph security clearance in order to be considered.
This program is responsible for building, designing and maintaining a technical environment for the customer to be able to run and use its analytics tools. Their major efforts are focused around bringing everything up into the AWS Cloud. There is an immediate need for an Information System Security Officer (ISSO). The candidate would be responsible for working across the division to support various scrum teams and critical systems that contain very sensitive data
- Perform system scan to include but not limited to network devices (e.g. routers, switches, firewalls), servers (e.g. Windows, Linux), databases (e.g. Oracle, MySQL, SQL Server, etc.), and web services (e.g. IIS, Apache, Tomcat, Phusion Passenger, etc.), and document the findings within a system Plan of Actions and Milestones (POA&M).
- Ensuring the appropriate operational security posture is maintained for an information system (IS) and as such, works in close collaboration with the Information System Security Manager.
- Expertise required to manage the security aspects of an IS and is assigned responsibility for the day-to-day security operations of a system.
- Actively works closely with the IGO, Information System Security Manager, Data Owner, System Owner and plays an active role in monitoring a system and its environment of operation to include developing and updating the System Security Plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes.
- Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package;
- Report all security-related incidents to the Information System Security Manager;
- Conduct periodic reviews of ISs to ensure compliance with the security authorization package;
- Coordinate any changes or modifications to hardware, software, or firmware of a system with the Information System Security Manager prior to the change;
- Formally notify the Information System Security Manager when changes occur that might affect system authorization;
- Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly;
- Ensure all IS security-related documentation is current and accessible to properly authorized individuals;
- Ensure audit records are collected and reviewed;
- Review of audit logs and continuous monitoring tools for IT systems to identify anomalies, hacking, or insider threats;
- Work with peers in related Security disciplines to develop, coordinate, publish, and maintain a common body of security training materials, standards, directives, policies and procedures to enhance the security program in protecting sensitive information;
- Build strong relationships within the Security organization and IT staff to hone best practices and drive consistency, and also coordinate with program management;
- Train and consult with fellow ISSOs and others, who accomplish day-to-day tasks
- ISSO experience
- Experience with network devices (e.g. routers, switches, firewalls), servers (e.g. Windows, Linux), databases (e.g. Oracle, MySQL, SQL Server, etc.), and web services (e.g. IIS, Apache, Tomcat, Phusion Passenger, etc.), and document the findings within a system Plan of Actions and Milestones (POA&M).
- Experience developing and updating the System Security Plan
- System Audit experience
- RMF experience
Job Type: FT