Senior Information System Security Officer (ISSO)

Job Description
ECS is seeking a Senior Information System Security Officer (ISSO) to work in our Redstone Arsenal, AL office. Please Note: This position is contingent upon contract award.

ECS is seeking an experienced Information Assurance professional to serve as a Senior Information Systems Security Officer (ISSO) for the FBI. As an ISSO, you will be responsible for overseeing the day-to-day operations of the FBI's information systems and applications security operations. You will work closely with key stakeholders to ensure that all systems security operations and maintenance activities are properly documented and updated as necessary.

Key Responsibilities:

• Oversee the day-to-day operations of the FBI's information systems and applications security operations
• Work with key stakeholders to ensure that all systems security operations and maintenance activities are properly documented and updated as necessary
• Assess the effectiveness of security controls against industry and customer standards
• Provide input to the Risk Management Framework (RMF) process activities and related documentation
• Develop, update, and monitor all Plans of Action and Milestones (POA&Ms) and ensure closure once requirements have been met
• Ensure that application of security patches for commercial products integrated into the system design meet the timelines dictated by the management authority for the intended operational environment
• Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements
• Participate in the Agile project management methodologies used by the FBI for release planning/tracking and continuously seek to improve all aspects of security through either experience or innovation
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
• Provide cybersecurity guidance to the system owner and leadership
• Verify and update security documentation reflecting the application/system security design features
• Assess the adequate access controls based on principles of least privilege and need to know
• Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed
• Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative
• Work with stakeholders to resolve computer security incidents and vulnerability compliance
• Provide advice and input for Disaster Recovery, Contingency and Continuity of Operations plans

Working Conditions:

• This position will require working in a fast-paced environment with multiple priorities and deadlines
• The ISSO will be required to work closely with stakeholders, including system owners, leadership, and other security professionals
• The ISSO will be required to maintain a high level of security awareness and be able to identify and mitigate security risks
• The ISSO will be required to work in a team environment and be able to communicate effectively with team members and stakeholders.

Required Skills

• Top Secret clearance with the ability to obtain SCI with CI Polygraph
• Masters Degree or 5+ years' experience in Information Assurance or related field
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• Knowledge of cyber threats and vulnerabilities
• Knowledge of systems security testing and evaluation methods
• Knowledge of computer networking concepts, protocols, and network security methodology
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Good communication skills, both written and verbal
• Knowledge of information technology risk management policies, requirements, and procedures
• Ability to write technical documentation

Desired Skills

• Knowledge of Agile Methodologies
• Knowledge of Operating Systems
• Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning)
• AWS or Azure cloud certification
• ITIL v.3 or Higher
• Knowledge of software engineering
• Knowledge of system engineering process
• Skill in evaluating the adequacy of security designs
• Skill in assessing security controls based on cybersecurity principles and tenets
• Knowledge of information technology security principles and methods (e.g., firewalls, DMZs, encryption)
• Knowledge of configuration management techniques
• Knowledge of DoD/DoJ security standards and policies
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, bulletins)
• Knowledge of PII data security standards

This position offers a unique opportunity to work in a high-security environment, directly supporting national defense and law enforcement initiatives. If you are passionate about securing mission-critical systems and thrive in a fast-paced, high-stakes environment, we encourage you to apply.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.