Oct 18
Top Secret
Senior Level Career (10+ yrs experience)
No Traveling
IT - Security
Washington, DC (On-Site/Office)
CLOUD INFORMATION SYSTEMS SECURITY OFFICER, SR (ISSO, SR.)
Job Description
SECURITY CLEARANCE: Active Top Secret with ability to obtain TS/SCI/CI Poly.
LOCATION: Washington, D.C. (on-site)
The primary location for performance of this task order will be at Government facilities (CONUS) in
the Washington, D.C.
COMPENSATION RANGE: $180,000 - $195,000.
Final compensation will be determined, but not limited to, through a holistic view of the individual
taking into account experience, expertise, education, certifications, ability to work in a team
environment, customer interface capabilities, etc…
HOURS OF OPERATION:
You will be required to perform the services specified in this task order 8 hours per day or 40 hours per week between the operating hours of 6:00 AM and 6:00 PM (ET) Monday through Friday except on Federal holidays or when the Government facility is closed.
PROGRAM DESCRIPTION:
MicroSys (www.microsysllc.com) is providing Information Security as a Service (ISaaS) to the
Department of Justice (DOJ), Federal Bureau of Investigation (FBI). The scope consists of the
following areas: 1) Information Systems Security Engineering; 2) Information Systems Security
Management; and 3) Information Systems Security Maintenance. As part of that mission, the OCIO
provides cybersecurity strategy, training and services to the FBI enterprise.
TASKS:
Information Systems Operations:
Services to support IS Security performed by the Information System Security Officer (ISSO) at a
minimum, shall consist of to the following activities:
• Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance
of the security configuration, practices, and procedures for each IS
• Provide liaison support between the system owner and other IS security personnel
• Ensure that selected security controls are implemented and operating as intended during
all phases of the IS lifecycle
• Ensure that system security documentation is developed, maintained, reviewed, and
updated on a continuous basis
• Conduct required IS vulnerability scans according to risk assessment parameters.
• Develop Plan of Action and Milestones (POAMs) in response to reported security
vulnerabilities
• Manage the risks to ISs and other FBI assets by coordinating appropriate correction or
mitigation actions, and oversee and track the timely completion of (POAMs)
• Coordinate system owner concurrence for correction or mitigation actions
• Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO)
• Upload all security control evidence to the Governance, Risk, and Compliance (GRC)
application to support security control implementation during the monitoring phase
• Ensure that changes to an FBI IS, its environment, and/or operational needs that may
affect the authorization status are reported to the system owner and IS Security Manager
(ISSM)
• Ensure the removal and retirement of ISs being decommissioned in coordination with the
system owner, ISSM, and ISSR
Leads Risk Management Assessment and Authorization (A&A) processes for systems in
the Cloud
• Performs Cloud system risk assessments while enhancing their current process workflows
and developing new processes
• Works with government and industry customers to provide cyber security expertise for an
AWS or Oracle Cloud Infrastructure (OCI) program
• Demonstrate working in an operational environment where priorities change frequently.
• Provide Information Assurance perspective and guidance during cloud
planning/discussions and provide security support with reach back to OCIO as needed.
• Recommend best practices with regards to information security, information assurance,
and cloud cyber security.
• Support making recommendations to leadership and developing a monitoring and event
logging strategy in the cloud as the FBI/OCIO considers future cloud migration efforts.
Minimum Qualifications:
- Required to hold at least one of the following certifications: Certified Information Systems Security
Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced
Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described
in DOD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
- Additional requirement to hold at least one Security certification from AWS, Azure, or GCP:
- AWS Certified Security – Specialty
- (ISC)2 Certified Cloud Security Professional (CCSP)
- AWS Certified Solutions Architect – Associate
- AZ-500: Microsoft Certified: Azure Security Engineer Associate
- Google - Professional Cloud Security Engineer
- At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility
- Minimum of 9 years of work experience in a computer science or Cybersecurity related field
- Familiarity with the use and operation of security tools including Tenable Nessus and/or Security
Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
- Bachelor’s degree and/or advanced degree in computer science, business management, or IT related
discipline is preferred plus 7 years of IT Security related experience (with a min. 2 years of FISMA
experience)
- 7+ years of experience serving as an ISSO at a cleared facility.
- 9+ years of professional experience in cybersecurity or computer science related field.
- 7+ years of experience directly performing Assessments and Authorizations, knowledge of
specific NIST guidelines including FIPS-199 and Special Publications 800-53, 800-18, 800-
30, 800-37, 800-60.
- Familiarity with the use and operation of security tools including Tenable Nessus and/or
Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar
applications.
- In addition to the Cloud Certifications above hold at least one of the following certifications:
o Certified Information Systems Security Professional (CISSP), or
o CISM or
o Global Information Security Professional (GISP), or
o the CompTIA Advanced Security Practitioner (CASP) or
o other certifications exemplifying skill sets such as those described in DoD
Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
- Knowledge of information security engineering, design concepts and principles.
- Ability to handle stress and work well under pressure, Ability to use MS Office, Ability to
use PC, Analytical and Critical Thinking Skills, Interpersonal and People Skills, Listening
Skills, Multi-tasking Ability, Oral and Written Communication Skills.
OPPORTUNITY
This is a tremendous opportunity for experienced Cyber Security Engineers to further their hands
on technical skills in full life cycle security engineering in a highly technical environment using
excellent state of the art technologies. This program is of significant size, scope, and complexity
that will allow the selected individual to expand and grow their career.
THE COMPANY
Founded in 2002, MicroSys (www.microsysllc.com) is “Golden Rule” driven Federal Cyber Security
and Systems Engineering 8(m) EDWOSB headquartered in Gainesville, Virginia. We integrate
people, processes, and technology to delivery value driven IT solutions to our customers
nationwide. Our focus is enabling the United States Government, specifically focused in the
Intelligence Community; Homeland Security & Law Enforcement; and Armed Forces, to meet their
mission-critical objectives through the use of highly advanced and cost-effective technology
solutions.
At MicroSys, we value our employees. So much so we developed an entire methodology around
helping our employees grow themselves and their careers (MicroSys Employee Growth Strategy or
MEGS). Taking great care of each employee is highly important at MicroSys and it's why we have
a tremendously high retention rate.
If you're tired of being just another number and want to work for a company that truly watches out
for its employees on an individually basis then strongly consider MicroSys.
MicroSys provides a very thorough benefits program, which includes the following:
§ Medical/Health Insurance
§ Vision Insurance
§ Dental Insurance
§ Life Insurance
§ Life and AD&D Insurance
§ Short-Term Disability Insurance
§ Long-Term Disability Insurance
§ Retirement Plan
§ 529-College Savings Program
§ Paid Time Off (PTO) –
o Years 1-3 15 days (120 hours) per calendar year
o Years 4-7 20 days (160 hours) per calendar year
o Years 7+ 25 days (200 hours) per calendar year
§ Paid Holidays
§ Parking/Metro Reimbursement
§ Direct Deposit
§ Section 125
§ Employee Bonus Program
§ Employee Referral Bonus
Job Description
SECURITY CLEARANCE: Active Top Secret with ability to obtain TS/SCI/CI Poly.
LOCATION: Washington, D.C. (on-site)
The primary location for performance of this task order will be at Government facilities (CONUS) in
the Washington, D.C.
COMPENSATION RANGE: $180,000 - $195,000.
Final compensation will be determined, but not limited to, through a holistic view of the individual
taking into account experience, expertise, education, certifications, ability to work in a team
environment, customer interface capabilities, etc…
HOURS OF OPERATION:
You will be required to perform the services specified in this task order 8 hours per day or 40 hours per week between the operating hours of 6:00 AM and 6:00 PM (ET) Monday through Friday except on Federal holidays or when the Government facility is closed.
PROGRAM DESCRIPTION:
MicroSys (www.microsysllc.com) is providing Information Security as a Service (ISaaS) to the
Department of Justice (DOJ), Federal Bureau of Investigation (FBI). The scope consists of the
following areas: 1) Information Systems Security Engineering; 2) Information Systems Security
Management; and 3) Information Systems Security Maintenance. As part of that mission, the OCIO
provides cybersecurity strategy, training and services to the FBI enterprise.
TASKS:
Information Systems Operations:
Services to support IS Security performed by the Information System Security Officer (ISSO) at a
minimum, shall consist of to the following activities:
• Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance
of the security configuration, practices, and procedures for each IS
• Provide liaison support between the system owner and other IS security personnel
• Ensure that selected security controls are implemented and operating as intended during
all phases of the IS lifecycle
• Ensure that system security documentation is developed, maintained, reviewed, and
updated on a continuous basis
• Conduct required IS vulnerability scans according to risk assessment parameters.
• Develop Plan of Action and Milestones (POAMs) in response to reported security
vulnerabilities
• Manage the risks to ISs and other FBI assets by coordinating appropriate correction or
mitigation actions, and oversee and track the timely completion of (POAMs)
• Coordinate system owner concurrence for correction or mitigation actions
• Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO)
• Upload all security control evidence to the Governance, Risk, and Compliance (GRC)
application to support security control implementation during the monitoring phase
• Ensure that changes to an FBI IS, its environment, and/or operational needs that may
affect the authorization status are reported to the system owner and IS Security Manager
(ISSM)
• Ensure the removal and retirement of ISs being decommissioned in coordination with the
system owner, ISSM, and ISSR
Leads Risk Management Assessment and Authorization (A&A) processes for systems in
the Cloud
• Performs Cloud system risk assessments while enhancing their current process workflows
and developing new processes
• Works with government and industry customers to provide cyber security expertise for an
AWS or Oracle Cloud Infrastructure (OCI) program
• Demonstrate working in an operational environment where priorities change frequently.
• Provide Information Assurance perspective and guidance during cloud
planning/discussions and provide security support with reach back to OCIO as needed.
• Recommend best practices with regards to information security, information assurance,
and cloud cyber security.
• Support making recommendations to leadership and developing a monitoring and event
logging strategy in the cloud as the FBI/OCIO considers future cloud migration efforts.
Minimum Qualifications:
- Required to hold at least one of the following certifications: Certified Information Systems Security
Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced
Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described
in DOD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
- Additional requirement to hold at least one Security certification from AWS, Azure, or GCP:
- AWS Certified Security – Specialty
- (ISC)2 Certified Cloud Security Professional (CCSP)
- AWS Certified Solutions Architect – Associate
- AZ-500: Microsoft Certified: Azure Security Engineer Associate
- Google - Professional Cloud Security Engineer
- At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility
- Minimum of 9 years of work experience in a computer science or Cybersecurity related field
- Familiarity with the use and operation of security tools including Tenable Nessus and/or Security
Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
- Bachelor’s degree and/or advanced degree in computer science, business management, or IT related
discipline is preferred plus 7 years of IT Security related experience (with a min. 2 years of FISMA
experience)
- 7+ years of experience serving as an ISSO at a cleared facility.
- 9+ years of professional experience in cybersecurity or computer science related field.
- 7+ years of experience directly performing Assessments and Authorizations, knowledge of
specific NIST guidelines including FIPS-199 and Special Publications 800-53, 800-18, 800-
30, 800-37, 800-60.
- Familiarity with the use and operation of security tools including Tenable Nessus and/or
Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar
applications.
- In addition to the Cloud Certifications above hold at least one of the following certifications:
o Certified Information Systems Security Professional (CISSP), or
o CISM or
o Global Information Security Professional (GISP), or
o the CompTIA Advanced Security Practitioner (CASP) or
o other certifications exemplifying skill sets such as those described in DoD
Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
- Knowledge of information security engineering, design concepts and principles.
- Ability to handle stress and work well under pressure, Ability to use MS Office, Ability to
use PC, Analytical and Critical Thinking Skills, Interpersonal and People Skills, Listening
Skills, Multi-tasking Ability, Oral and Written Communication Skills.
OPPORTUNITY
This is a tremendous opportunity for experienced Cyber Security Engineers to further their hands
on technical skills in full life cycle security engineering in a highly technical environment using
excellent state of the art technologies. This program is of significant size, scope, and complexity
that will allow the selected individual to expand and grow their career.
THE COMPANY
Founded in 2002, MicroSys (www.microsysllc.com) is “Golden Rule” driven Federal Cyber Security
and Systems Engineering 8(m) EDWOSB headquartered in Gainesville, Virginia. We integrate
people, processes, and technology to delivery value driven IT solutions to our customers
nationwide. Our focus is enabling the United States Government, specifically focused in the
Intelligence Community; Homeland Security & Law Enforcement; and Armed Forces, to meet their
mission-critical objectives through the use of highly advanced and cost-effective technology
solutions.
At MicroSys, we value our employees. So much so we developed an entire methodology around
helping our employees grow themselves and their careers (MicroSys Employee Growth Strategy or
MEGS). Taking great care of each employee is highly important at MicroSys and it's why we have
a tremendously high retention rate.
If you're tired of being just another number and want to work for a company that truly watches out
for its employees on an individually basis then strongly consider MicroSys.
MicroSys provides a very thorough benefits program, which includes the following:
§ Medical/Health Insurance
§ Vision Insurance
§ Dental Insurance
§ Life Insurance
§ Life and AD&D Insurance
§ Short-Term Disability Insurance
§ Long-Term Disability Insurance
§ Retirement Plan
§ 529-College Savings Program
§ Paid Time Off (PTO) –
o Years 1-3 15 days (120 hours) per calendar year
o Years 4-7 20 days (160 hours) per calendar year
o Years 7+ 25 days (200 hours) per calendar year
§ Paid Holidays
§ Parking/Metro Reimbursement
§ Direct Deposit
§ Section 125
§ Employee Bonus Program
§ Employee Referral Bonus
group id: 10190238
