Yesterday
Top Secret
Mid Level Career (5+ yrs experience)
$150,000 and above
Occasional travel
IT - Security
Rate: Targeting $70/hr - 90/hr
Location: Remote working EST/CST time zones
The Information Systems Security Officer (ISSO) positions support the establishment, implementation, and maintenance of a life-cycle security model that develops, maintains, and dispositions information systems, services, and data, and safeguards their confidentiality, integrity, and availability. The ISSO coordinates with system owners to ensure systems are operated and maintained in accordance with security policies and practices and reports all information system security incidents through the appropriate channels. Some of the applications and tool sets that are currently being used to perform the ISSO support functions are Joint Cybersecurity Authorization Management (JCAM), Telos Xacta, GITLAB, Atlassian JIRA, Atlassian Confluence, SharePoint, Splunk, BigFix, and Tenable Security Center. Vendors are responsible for supporting additional applications and tool sets as needed. Vendors are required to provide input regarding Interconnection Security Agreement (ISA) and Security Assessment Report on an as needed basis.
Provides continuous security monitoring, software engineering, and software analysis services for Systems and services. Through Security Assessments & Authorizations and continuous security monitoring, ensures ongoing awareness of the confidentiality, integrity, and availability of the CJIS information and information systems. Conducts comprehensive, formal, independent assessment of the management, operation, and technical security controls of System to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting security requirements. These assessments serve as a key input into the risk management program and to the continuous monitoring of the security of systems and services. Utilizing an extensive variety of automated vulnerability assessment tools and techniques, continuously assesses security on a large and complex variety of operating systems (OS), databases, web applications and services, appliances, network devices, and numerous other applications and devices. Facilitates security monitoring, software engineering, and software analysis services. Includes a system that consists of multiple cloud-hosted security tools to enable software, platform, and infrastructure security assessments and monitoring. These tools are critical to enabling the team to perform security assessments and continuous monitoring of systems and software including identification of software security vulnerabilities; security analysis of source code and open source software; identification of security misconfigurations; and vulnerability assessment of infrastructure-as-code; and container applications and environments.
The CSAS toolset and supporting applications currently include Tenable Security Center, Microsoft Defender for Endpoint, BigFix, OWASP Zap, BurpSuite, Black Duck, Coverity, Software Risk Manager, Checkov, Trivy, ClamAV, Red Hat Advanced Cluster Security for Kubernetes, Jira, Confluence, Bitbucket, Bamboo, and SharePoint. These tools are subject to change, and Vendors are responsible for supporting these and additional applications and toolsets, as needed.
Conducts security functional requirements such as:
Testing of system applications and components, and overall system architecture to verify and validate conformance with specified security policies and requirements
Conducting ongoing security functional requirements testing and security assessments of CJIS information system hardware, software, and applications, and overall system architecture to verify and validate that system security technical and operational controls are in accordance with established security policies, requirements, plans, standards, processes, and procedures
Providing Subject Matter Expert (SME) input to support penetration testing, application manipulation, and social engineering assessments
Performing periodic mandated vulnerability assessment scans of CJIS information systems on an as-needed basis to meet mandated requirements, documenting any identified deviations, and notifying system and management personnel
Performing multiple IT Security support services associated with security functional testing, vulnerability assessments, code assessments, and penetration testing
Monitoring trends found in software security assessments for frequent insecure practices and providing examples of alternative methods that can be used to produce similar functionality securely
Providing security functional, vulnerability, and penetration test schedules as assigned, encompassing CJIS information system security test and known, and/or mandated, security test efforts for scheduling purposes and allocation of resources through the normal change management process
Preparing security vulnerability and penetration testing methodologies as assigned, developing test plans
Reviewing various web service implementations before being deployed to an Operational Environment (OE), including manual assessments and testing, web services description language (WSDL) reviews, and architecture and framework design reviews
Supporting the process of information systems, to verify and validate conformance to Federal policies, regulations, FISMA compliance and standards, and meet specified security requirements. Support will parallel with EISS certification testing methodologies and strategies
Performing duties and responsibilities associated with network and system mapping to produce overall architecture, information flows, entry and exit points, security features, and profiles of information systems
Assisting with installation, configuration and maintenance of operating systems, tools and applications
Providing presentations, briefings, and knowledge transfers as assigned
Developing applicable reports (e.g. risk, assessment, test reports), as assigned
Evaluating test data
Creating assessment and test reports including comprehensive reports for assessment-based tasks and propositions for system security enhancements.
We are an Equal Opportunity Employer committed to a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, gender identity, national origin, disability, or veteran status. We value diverse perspectives and actively seek to create an inclusive environment that celebrates the unique qualities of all employees.
group id: 10117305