Information Systems Security Officer

Washington, DC
 
Primary Responsibilities:
  • Serve as an Information Systems Security Officer for the organization and lead security officer for systems as assigned by the CISO/ISSM.
  • Provide day-to-day system security operations to ensure that operational security is maintained for various Information Systems.
  • Perform security activities to include:
    • Development and assessment of security architectures.
    • Work with the ISSM/CISO to determine security control alternatives.
    • Conduct security controls and testing.
    • Conduct security/supply chain/FOCI assessments of new software and tools.
    • Conduct data transfer operations.
    • Review network scans to determine abnormalities.
    • Prepare technical documentation including the Systems Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Plan of Actions and Milestones (POA&M).
  • Create and maintain Certification and Authorization (C&A)/Assessment and Authorization (A&A) documentation: Software/Hardware Inventory, Network Diagrams, INFOSEC Policies and Procedures, Contingency Plan, Incident Response Plan, and Configuration Management Plans.
  • Assist with assessing Information Assurance long-term needs and acquisition requirements to accomplish mission objectives.
  • Implement information security standards and procedures.
  • Provide configuration management support for reviewing, coordinating, implementing, and enforcing information systems security changes to the infrastructure.
  • Evaluate security solutions to ensure they meet security requirements for processing classified information.
  • Conduct research and testing to ensure existing and evolving products/services meet current Office of the Director of National Intelligence (ODNI), DoD, and local authority’s security requirements as appropriate.
  • Advise management and stakeholders on security-related matters.
  • Ensure the operational security posture of assigned systems. The ISSO is responsible for the daily security operation of assigned systems and advises partners on specific IT and security policy procedures.
  • Ensure that management, operational, and technical controls for securing Office are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
  • Manage changes to systems and assess the security impact of those changes.
  • Prepare and review documentation to include System Security Plans, Risk Assessment Reports, Assessment and Authorization packages, and System Requirements Traceability Matrices.
  • Ensure a strong customer focus.
  • Respond to security incidents, and report incidents to the appropriate authorities.
  • Perform equipment decommissioning and sanitization.
  • Facilitate the movement of Personal Electronic Devices (PEDs) into and out of the SCIF as required. Ensure that all PEDs have been disabled prior to SCIF entry.
  • Review existing legacy and info-share repositories and update as needed.
 
Primary Skills Required:
  • Possesses 5 years of professional experience (with a Bachelor’s Degree) in the areas of information assurance and accreditation and authorization (A&A) of systems (formerly referred to as certification and authorization – C&A).
  • Preferred: technical experience effectively providing network and/or system administration and/or computer operations.
  • Experience proactively providing system security support IAW ICD 503 / Risk Management Framework (RMF).
  • Candidates must have the following experience and knowledge:
    • Knowledge of the DoD, IC, or national level system security initiatives and classified programs and infrastructures.
  • Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
  • Possess experience with NIST 800 publications standards.
  • Possess knowledge of how to use the NVD and NIAP portals to review software or hardware vulnerabilities
  • Knowledge of ACAS (Nessus/Tenable).
  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
  • Self-motivated
 
Primary Skills Desired:
  • Possesses experience supporting the Intelligence Community (IC) including one of the following:
    • Air Force Intelligence
    • Army Intelligence
    • Central Intelligence Agency
    • Coast Guard Intelligence
    • Defense Intelligence Agency
    • Department of Energy
    • Department of Homeland Security
    • Department of State
    • Department of the Treasury
    • Drug Enforcement Administration
    • Federal Bureau of Investigation
    • Marine Corps Intelligence
    • National Geospatial-Intelligence Agency
    • National Reconnaissance Office
    • National Security Agency
    • Navy Intelligence
    • Office of the Director of National Intelligence
  • Experience with supporting the Joint Worldwide Intelligence System (JWICS).
  • Knowledge of cloud architecture
  • Knowledge of virtualization
 
 