Posted today
Unspecified
Mid Level Career (5+ yrs experience)
$140,000 - $160,000
IT - Security
Ashburn, VA (On/Off-Site)
Job Title: Cloud Security Engineer/ISSO/Cyber Security Engineer
Location: Ashburn, VA
Clearance Required: Must have existing CBP Full BI
The Information System Security Officer (ISSO) is responsible for ensuring the security and compliance of organizational information systems by implementing, monitoring, and managing cybersecurity policies, procedures, and controls. The ISSO serves as a key resource for system security, compliance, and risk management, working to protect systems and sensitive information from cybersecurity threats.
Key Responsibilities:
1. Compliance and Risk Management:
o Ensure systems comply with security frameworks (e.g., RMF, NIST 800-53, FISMA) and manage ongoing system risk through assessments and reviews.
2. Security Documentation:
o Develop, maintain, and update System Security Plans (SSPs), security assessments, and Plans of Action and Milestones (POA&Ms).
3. Monitoring and Incident Response:
o Monitor information systems for vulnerabilities and security events, and coordinate incident response efforts where needed.
4. Assessment and Authorization (A&A):
o Support the A&A process and ensure systems meet necessary requirements for Authority to Test (ATT) and Authority to Operate (ATO) or meet other regulatory accreditations.
5. Vulnerability and Configuration Management:
o Perform regular vulnerability scans, monitor patch management, and ensure secure system configurations.
6. Security Training and Awareness:
o Provide cybersecurity training and foster awareness among users to promote adherence to security policies.
7. Collaboration with Stakeholders:
o Work with IT teams, management, and external authorities to maintain alignment on security goals and address identified risks.
Qualifications and Requirements:
• Education: Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience).
• Certifications: CISSP, CAP, Security+, CISM, or other applicable certifications
• Experience: Eight (8) years of experience in information security, risk management, or related fields.
• Skills: Knowledge of RMF, NIST standards, vulnerability management, incident response, and security tools (e.g., Nessus, SIEM).
Location: Ashburn, VA
Clearance Required: Must have existing CBP Full BI
The Information System Security Officer (ISSO) is responsible for ensuring the security and compliance of organizational information systems by implementing, monitoring, and managing cybersecurity policies, procedures, and controls. The ISSO serves as a key resource for system security, compliance, and risk management, working to protect systems and sensitive information from cybersecurity threats.
Key Responsibilities:
1. Compliance and Risk Management:
o Ensure systems comply with security frameworks (e.g., RMF, NIST 800-53, FISMA) and manage ongoing system risk through assessments and reviews.
2. Security Documentation:
o Develop, maintain, and update System Security Plans (SSPs), security assessments, and Plans of Action and Milestones (POA&Ms).
3. Monitoring and Incident Response:
o Monitor information systems for vulnerabilities and security events, and coordinate incident response efforts where needed.
4. Assessment and Authorization (A&A):
o Support the A&A process and ensure systems meet necessary requirements for Authority to Test (ATT) and Authority to Operate (ATO) or meet other regulatory accreditations.
5. Vulnerability and Configuration Management:
o Perform regular vulnerability scans, monitor patch management, and ensure secure system configurations.
6. Security Training and Awareness:
o Provide cybersecurity training and foster awareness among users to promote adherence to security policies.
7. Collaboration with Stakeholders:
o Work with IT teams, management, and external authorities to maintain alignment on security goals and address identified risks.
Qualifications and Requirements:
• Education: Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience).
• Certifications: CISSP, CAP, Security+, CISM, or other applicable certifications
• Experience: Eight (8) years of experience in information security, risk management, or related fields.
• Skills: Knowledge of RMF, NIST standards, vulnerability management, incident response, and security tools (e.g., Nessus, SIEM).
group id: 91135725
