Today
Top Secret
Mid Level Career (5+ yrs experience)
$110,000 - $125,000
No Traveling
IT - Security
Centennial, CO (On-Site/Office)
On behalf of one of our customers, ClearanceJobs is seeking an experienced Information Systems Security Officer (ISSO) to facilitate A&A (Authorization & Assessment) efforts throughout multiple systems’ RMF lifecycle. This is an ON-SITE position in Denver Tech Center, CO. An active Secret clearance (with ability to upgrade to TS/SCI) is required.
The selected candidate will support multiple RMF accreditation efforts and will perform tasks that include determining DoD requirements, hardware/software configuration management (to include baseline configuration), risk assessments/vulnerability assessments, testing and documenting security controls, and ensuring overall compliance with DoD Cybersecurity policies.
The ideal candidate will have experience working as an ISSO or security relevant field and must be comfortable operating in a senior role and mentor for junior ISSOs. The selected candidate will support the System Security Managers (ISSM) and support security within assigned boundaries.
Responsibilities:
• Support day-to-day operations required to perform RMF
• Manage tasks and meet deadlines to meet security requirements
• Support customer interactions which will translate into system requirements
• Implement the Risk Management (RMF) process throughout the entire A&A lifecycle of the system(s) or multiple ATOs across different locations, supporting all efforts pre and post Authority to Operate (ATO) determination
• Assist the ISSM in meeting their duties to support A&A activities and coordinate with system’s Security Controls Assessor (SCA) and Authorizing Official (AO)
• Perform and review technical security assessments of the system(s) to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies to maintain operational security posture for the boundary systems
• Conduct risk analyses from vulnerability, compliance scans, penetration testing results, and/or other audit activities
• Create and maintain Plan of Action and Milestones (POA&Ms), System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Standard Operating Procedures (SOPs), Configuration Management Plans, Contingency Plans and Test Result/Security Impact Analyses
• Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
• Conduct continuous monitoring (ConMon) activities for applicable authorization boundaries
• Apply and maintain up to date application of Security Technical Implementation Guides (STIGs) to required components of the information systems
• Maintain inventory and asset configuration to include change management documentation
• Lead System level change request through formalized Configuration Control boards (CCB)
• Ensure that the appropriate operational security posture is maintained for the information system, working in close collaboration with the information system owner and the ISSM
• Notify ISSM when changes occur that might affect the authorization determination of the information system(s)
• Experience in advising System Administrators and Network Administrator to Remediate system decencies
• Report all security-related concerns and incidents to the ISSM
• Able to also handle security concerns in lieu of ISSM advise on security concerns IAW system procedures
Required qualifications:
• Experience developing and documenting DoD Assessment and Authorization documentation
• Knowledge of CNSSI 1253, NIST 800 Series (primarily 800-53, 800-53A, 800-171), RMF
• 5 + years of IA/Cyber Security experience
• Bachelor’s degree or higher in Computer Science or Security
• Security+, CISM, GISM certification or equivalent
• Experience with DCSA tools such as eMASS, STIGs and SCAP
• Active Secret clearance (with ability to upgrade to TS/SCI)
The selected candidate will support multiple RMF accreditation efforts and will perform tasks that include determining DoD requirements, hardware/software configuration management (to include baseline configuration), risk assessments/vulnerability assessments, testing and documenting security controls, and ensuring overall compliance with DoD Cybersecurity policies.
The ideal candidate will have experience working as an ISSO or security relevant field and must be comfortable operating in a senior role and mentor for junior ISSOs. The selected candidate will support the System Security Managers (ISSM) and support security within assigned boundaries.
Responsibilities:
• Support day-to-day operations required to perform RMF
• Manage tasks and meet deadlines to meet security requirements
• Support customer interactions which will translate into system requirements
• Implement the Risk Management (RMF) process throughout the entire A&A lifecycle of the system(s) or multiple ATOs across different locations, supporting all efforts pre and post Authority to Operate (ATO) determination
• Assist the ISSM in meeting their duties to support A&A activities and coordinate with system’s Security Controls Assessor (SCA) and Authorizing Official (AO)
• Perform and review technical security assessments of the system(s) to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies to maintain operational security posture for the boundary systems
• Conduct risk analyses from vulnerability, compliance scans, penetration testing results, and/or other audit activities
• Create and maintain Plan of Action and Milestones (POA&Ms), System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Standard Operating Procedures (SOPs), Configuration Management Plans, Contingency Plans and Test Result/Security Impact Analyses
• Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
• Conduct continuous monitoring (ConMon) activities for applicable authorization boundaries
• Apply and maintain up to date application of Security Technical Implementation Guides (STIGs) to required components of the information systems
• Maintain inventory and asset configuration to include change management documentation
• Lead System level change request through formalized Configuration Control boards (CCB)
• Ensure that the appropriate operational security posture is maintained for the information system, working in close collaboration with the information system owner and the ISSM
• Notify ISSM when changes occur that might affect the authorization determination of the information system(s)
• Experience in advising System Administrators and Network Administrator to Remediate system decencies
• Report all security-related concerns and incidents to the ISSM
• Able to also handle security concerns in lieu of ISSM advise on security concerns IAW system procedures
Required qualifications:
• Experience developing and documenting DoD Assessment and Authorization documentation
• Knowledge of CNSSI 1253, NIST 800 Series (primarily 800-53, 800-53A, 800-171), RMF
• 5 + years of IA/Cyber Security experience
• Bachelor’s degree or higher in Computer Science or Security
• Security+, CISM, GISM certification or equivalent
• Experience with DCSA tools such as eMASS, STIGs and SCAP
• Active Secret clearance (with ability to upgrade to TS/SCI)
group id: ClearanceJobsSC
