Senior ISSO

ICS Nett, Inc.

Yesterday
Top Secret/SCI
Senior Level Career (10+ yrs experience)
No Traveling
Security
Washington, DC (On/Off-Site)

Information System Security Officer, Senior

Clearance Level: Top Secret/SCI
Polygraph Type: Counterintelligence
Role Title: Information System Security Officer – ITU
Responsibilities:
• Shall identify and recommend necessary updates based on security policies, standards, guidelines, and procedures to ensure compliance with regulatory requirements and organizational objectives.
• Shall conduct risk assessments and vulnerability assessments to identify, evaluate, and prioritize security risks to the organization's information systems.
• Shall develop, update and maintain the organization's security incident response plan, to include detection, response and recovery based on organization objectives.
• Shall ensure security compliance based on FBI security regulations and standards, following National Institute of Standards and Technology (NIST) controls.
• Shall perform regular vulnerability and compliance scanning to support auditing and monitoring of the information systems, identify findings, and coordinate with key stakeholders to mitigate vulnerabilities and compliance findings.
• Shall implement and maintain security controls throughout all information systems and network environments.
• Shall maintain documentation related to security policies, procedures, standards, configurations and incidents for compliance and auditing purposes.
• Shall participate in security governance activities, including security risk assessments, security review, and security related meetings to ensure alignment with organizational goals and objectives.
• Shall provide regular reports and updates to management on the organization's security posture, including identified risks, incidents, compliance status, and remediation efforts.
• Shall assist with other duties as assigned in the unit.
• Shall operate within the Risk Management Framework (RMF), including Steps 1-6, and ensure ongoing compliance through Continuous Monitoring.
• Shall design and implement security controls and validate their effectiveness.
• Shall configure and execute Nessus scans, interpret results, and feed findings into POA&M and risk analysis processes. Shall support ATO packages and security documentation.
• Shall be able to demonstrate working in a 24/7 operational environment.
• Shall assist ISSE in determining appropriate security architecture throughout the development and implementation lifecycle of the information systems.

Education Level: None
Experience (In Place of Education): None
Required Experience:
• Shall be able to demonstrate expertise in systems security requirements and policy. Shall be able to demonstrate expertise in incident response and management.
• Shall be able to demonstrate experience and knowledge with security frameworks and standards such as NIST, ISO 27001, and CIS Controls.
• Shall be able to demonstrate experience and knowledge of security technologies, tools, and methodologies (e.g. firewalls, IDS/IPS, SIEM systems).
• Shall be able to demonstrate experience and knowledge with network protocols and architecture.
• Shall be able to demonstrate experience and knowledge with data encryption techniques and key management practices. Shall be able to demonstrate experience and knowledge with compliance requirements (FISMA).
• Shall be able to demonstrate experience and knowledge with operating systems (e.g. Windows and Linux) and their security features.
• Shall be able to demonstrate experience and knowledge with conducting and analyzing system scans.
• Shall be able to demonstrate experience and knowledge with designing and implementing internal security policies, agency standards, and procedures.
• Shall be able to demonstrate experience and knowledge with risk assessment and management techniques.
• Shall be able to demonstrate experience and knowledge with configuring and managing security tools and systems. Shall be able to demonstrate expertise in the use of threat monitoring platforms.

Preferred Experience:
• Five (5) years of ISSO experience.
• Certifications (C)ISSO, CISA, CISM, CISSP.