ISSO

Arena Technical Resources

Posted today
Top Secret/SCI
Senior Level Career (10+ yrs experience)
$145,000 - $160,000
No Traveling
Security
MacDill AFB, FL (On/Off-Site)

Job Title: ISSO

Location: MacDill AFB, FL

Eligibility: Candidate must possess an active TS/SCI clearance

Job Description:

- Develop and coordinate all associated authorization documentation,
including the Systems Categorization, Systems Security Plan, and Systems
risk assessment

- Support the control assessment, reporting and monitoring processes
using the Cyber Security and Assessment Management (CSAM) system

- Assist the component with staying on track with Core Controls and
A-123 control assessment schedules

- Work with components to ensure each Risk Based Decision (RBD) has
a current Waiver.

- Coordinate with CSS Customer Liaison support, including status of
the process and POA&Ms.

- Support and document security controls tests, assist in remediation
and ensure that POA&Ms are being appropriately managed.

- Develop or update the Business Continuity and Contingency Plan for
the component.

- Assist the components with decisions that affect security of their
systems and networks.

- Facilitate preparations for the tri-annual Security Assessment and
Authorization (SA&A) of the component's Information System.

- Conduct assessments of information systems security requirements,
evaluate current security posture and recommend priorities for
remediation.

- Review information system infrastructure and application
architecture to assess security requirements

- Review existing SA&A documentation, Security Assessment Report and
security infrastructure (i.e. IDS, firewalls, vulnerability scan
tools, etc.)

- Assess NIST 800-53 Rev. 4 controls and document results

- Evaluate and strengthen standard SA&A Documentation

- Perform and document risk assessments, analyzing security
vulnerabilities, and the metrics to measure the risks associated
with those vulnerabilities;

- Based on the risk profile of the analyzed systems, development and
documentation of a Plan of Action and Milestones (POA&M) for
mitigating those risks;

- Design and development of comprehensive Systems Security Plan,
covering at a high level the infrastructure, policies and procedures
which define the systems security profile for the analyzed systems;

- Development of Systems Security Users Guides specific to selected
networks, desktop computers, servers and data base systems

- Design, development, and validation of System Test and Evaluation
(ST&E) reviews for new and/or legacy systems.

- Review and conduct NIST-based Self Assessments, identifying any
weaknesses which need to be addressed, and developing a POA&M for
each of those weaknesses based on industry best practices.

- Design and development of Initial Privacy Assessments (IPAs) and
Privacy Impact Assessments (PIAs) for each major Federal Government
IT System

- Developing and conducting System Test and Evaluations (ST&Es) and
Independent Verification and Validation (IV&Vs) of the security
profiles of Federal Government IT Systems

- Conduct OMB A-123 security assessments of Federal Government IT
Systems.

Required Skills
· Bachelor's Degree in Computer Science or related technical discipline,
or the equivalent combination of education, technical certifications or
training, and work experience
· 8+ years' experience performing systems security assessments,
preparing system security documentation, and/or performing security
upgrades for live networks, desktop systems, servers, and enterprise
data bases leading to successful certification and accreditation or
security authorization of such systems.
· 8+ years' experience assessing and enhancing IT systems security
policies and procedures in response to the regulatory requirements
associated with Federal and International standards.
· 8+ years IT Security experience with extensive knowledge in security
regulations and security assessments having developed numerous security
C&A (or SA&A) and ATO on a range of systems including classified systems
· Strong working knowledge with NIST Special Publications and the NIST
SP 800-37 SA using CSAM system
· TS/SCI clearance required and eligibility to obtain/maintain a CI Poly
· Current certification in one or more of the following IT Security
disciplines:
o ISACA - Certified Information Systems Auditor (CISA)
o ISACA - Certified in Risk and Information Systems Control (CRISC)
o ISACA - Certified Information Security Manager (CISM)
o ISACA - Certified in Governance of Enterprise IT (CGEIT)
o (ISC)2 - Certified Information Systems Security Professional (CISSP)
o (ISC)2 - Certified Authorization Professional (CAP)

Location: Customer Site

US Citizenship Required