View all jobs
Senior Cloud ISSO
Washington, DCClearFocus Technologies, a HUBZone certified company, is located in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!
We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more!
We are seeking a Senior level Cloud ISSO with a Top-Secret clearance. All applicants must have at least 7 years’ experience serving as an Information Systems Security Officer (ISSO) at a cleared facility and a minimum of 9 years of work experience in a computer science or Cybersecurity related field.
Services to support IS Security performed by the Information System Security Officer (ISSO) at a
minimum, shall consist of to the following activities:
• Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
• Provide liaison support between the system owner and other IS security personnel
• Ensure that selected security controls are implemented and operating as intended during all
phases of the IS lifecycle
• Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
• Conduct required IS vulnerability scans according to risk assessment parameters
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
• Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation
actions, and oversee and track the timely completion of (POAMs)
• Coordinate system owner concurrence for correction or mitigation actions
• Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO)
• Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application
to support security control implementation during the monitoring phase
• Ensure changes to FBI IS, its environment, and/or operational needs that may affect the
authorization status are reported to the System Owner and IS Security Manager (ISSM)
• Ensure the removal and retirement of IS being decommissioned is in coordination with the
System Owner, ISSM, and ISSR
• Leads Risk Management Assessment and Authorization (A&A) processes for systems in the
Cloud
• Performs Cloud system risk assessments while enhancing their current process workflows and
developing new processes
• Works with government and industry customers to provide cyber security expertise for an AWS or Oracle Cloud Infrastructure (OCI) program
• Demonstrate working in an operational environment where priorities change frequently.
• Provide Information Assurance perspective and guidance during cloud planning/discussions and
provide security support with reach back to OCIO as needed.
• Recommend best practices with regards to information security, information assurance, and cloud cyber security.
• Support making recommendations to leadership and developing a monitoring and event logging strategy in the cloud as the FBI/OCIO considers future cloud migration efforts
Required Skills
At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility and a minimum of 9 years of work experience in a computer science or Cybersecurity related field. Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
Certification Requirements
Required to hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
Additional requirement to hold at least one Security certification from AWS, Azure, or GCP:
• AWS Certified Security – Specialty
• (ISC)2 Certified Cloud Security Professional (CCSP)
• AWS Certified Solutions Architect – Associate
• AZ-500: Microsoft Certified: Azure Security Engineer Associate
• Google - Professional Cloud Security Engineer
Education Requirements
Bachelor’s and/or advanced degree in computer science, business management, or IT related
discipline is preferred.
We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more!
We are seeking a Senior level Cloud ISSO with a Top-Secret clearance. All applicants must have at least 7 years’ experience serving as an Information Systems Security Officer (ISSO) at a cleared facility and a minimum of 9 years of work experience in a computer science or Cybersecurity related field.
Services to support IS Security performed by the Information System Security Officer (ISSO) at a
minimum, shall consist of to the following activities:
• Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
• Provide liaison support between the system owner and other IS security personnel
• Ensure that selected security controls are implemented and operating as intended during all
phases of the IS lifecycle
• Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
• Conduct required IS vulnerability scans according to risk assessment parameters
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
• Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation
actions, and oversee and track the timely completion of (POAMs)
• Coordinate system owner concurrence for correction or mitigation actions
• Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO)
• Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application
to support security control implementation during the monitoring phase
• Ensure changes to FBI IS, its environment, and/or operational needs that may affect the
authorization status are reported to the System Owner and IS Security Manager (ISSM)
• Ensure the removal and retirement of IS being decommissioned is in coordination with the
System Owner, ISSM, and ISSR
• Leads Risk Management Assessment and Authorization (A&A) processes for systems in the
Cloud
• Performs Cloud system risk assessments while enhancing their current process workflows and
developing new processes
• Works with government and industry customers to provide cyber security expertise for an AWS or Oracle Cloud Infrastructure (OCI) program
• Demonstrate working in an operational environment where priorities change frequently.
• Provide Information Assurance perspective and guidance during cloud planning/discussions and
provide security support with reach back to OCIO as needed.
• Recommend best practices with regards to information security, information assurance, and cloud cyber security.
• Support making recommendations to leadership and developing a monitoring and event logging strategy in the cloud as the FBI/OCIO considers future cloud migration efforts
Required Skills
At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility and a minimum of 9 years of work experience in a computer science or Cybersecurity related field. Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
Certification Requirements
Required to hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
Additional requirement to hold at least one Security certification from AWS, Azure, or GCP:
• AWS Certified Security – Specialty
• (ISC)2 Certified Cloud Security Professional (CCSP)
• AWS Certified Solutions Architect – Associate
• AZ-500: Microsoft Certified: Azure Security Engineer Associate
• Google - Professional Cloud Security Engineer
Education Requirements
Bachelor’s and/or advanced degree in computer science, business management, or IT related
discipline is preferred.