Today
Public Trust
Washington, DC (On-Site/Office)
Description:
Technical ISSO
OCT Consulting is a business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.
Responsibilities and Duties:
• Perform detailed architecture and technical design reviews on the full stack for vendor solutions (examples of some areas requiring detailed analysis):
• Assess and document encryption standards for data at rest and in transit (which cipher suites are used, what type of encryption, etc.)
• Assess and document authentication mechanisms for all points in the system (Is MFA implemented at all authentication points? Is the MFA solution approved and compliant with NIST and agency standards?)
• Assess and document session management and control for all layers of the system
• Schedule and lead screen-sharing sessions with the vendors to gain a full understanding of the technology stack, document all security-relevant information required for the architecture review and create a full report for presentation to the CISO
• Serve as the IT security POC (ISSO) for assigned systems to ensure agency information systems comply with FISMA, OMB, and agency policies.
• Oversee and manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
• Assist stakeholders with IT security-related activities to ensure project deadlines are met.
• Ensure security activities are implemented throughout the SDLC from beginning to end.
• Ensure all systems are operated, maintained, and disposed of in accordance with (IAW) documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).
• Support the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
• Research assigned IT security systems to provide insight into IT security architectures and IT security recommendations for assigned systems.
• Report and respond to security incidents.
• Assess vulnerabilities to ascertain whether additional safeguards are needed, ensure systems are patched and security-hardened at all levels of the stack, and monitor to confirm that vulnerabilities are remediated as appropriate.
• Promote Information Security Awareness and provide training.
Requirements:
• Bachelor's degree in Computer Science or a related field or an additional two years of industry experience.
• Six (6) years of experience in the IT security field
• Four (4) years of hands-on technical experience as a System Architect or Security Engineer
• Three (3) or more years of experience supporting A&A (NIST 800-53), compliance activities, and A&A package documentation (e.g., SSPP writing, POA&M entries, inventory management)
• In depth experience with web-based application migration (e.g., on-prem to cloud), security control implementation for cloud-based infrastructure, reviewing security architecture of web-based applications and reviewing, preparing and leveraging FedRAMP Moderate packages
• In depth experience with cloud-based infrastructure security control implementation, familiarity with FedRAMP processes, and hands-on experience with web-based application migration projects
• Experience writing to and evaluating federal security requirements for federal government contracts
• Experience with vendor management and problem solving of customer issues.
• Have detailed knowledge and experience with NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices.
• Security+, CISSP, CISM, CISA, or equivalent Security certification.
• Technical expertise with Tenable Nessus and Invicti reports.
• Experience in reviewing 3rd party security assessment reports
• Be a quick study, assertive, and able to present to audiences of all levels.
• Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences.
Desired Qualifications:
• Direct experience with NIST 800-171 is preferred
Clearance and Location Requirements:
• Able to be cleared for a Public Trust clearance.
• This is currently a full-time remote position.
Salary: A generous compensation package commensurate with experience and education.
Benefits:
OCT offers competitive compensation packages and a full suite of benefits which includes:
- Medical, Dental, and Vision insurance
- Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee's gross salary
- Paid Time Off and Standard Government Holidays
- Life Insurance, Short- and Long-Term disability benefits
- Training Benefits
OCT Consulting LLC is a minority-owned, Small Disadvantaged Business (SDB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the advantage of agility in operations along with a management team with a track record of leading successful engagements at major Federal government agencies.
At OCT, we are committed to ensuring equal opportunity for all individuals, recognizing that merit and qualifications are the foundation of our hiring, promotion, and development practices. We believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. Our practices ensure fair treatment and equal access to opportunities for all, regardless of race, ethnicity, gender, sexual orientation, age, abilities, or other personal characteristics. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone's contributions are valued and recognized.