Job Requirements
Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking an ISSO/Control Evaluator - Low to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking a motivated and detail-oriented Junior Information Systems Security Officer (ISSO) / Control Evaluator to support the U.S. Small Business Administration (SBA). The ideal candidate is an early-career information security professional with a foundational understanding of federal information security requirements, security control frameworks, and the NIST Risk Management Framework (RMF). This individual will work under the guidance of senior ISSO and security authorization staff to support the security authorization and continuous monitoring of SBA's information systems, gaining hands-on experience in federal cybersecurity compliance and security control assessment activities.
The Junior ISSO/Control Evaluator will support the security authorization and continuous monitoring of SBA's information systems under the direction of mid-level and senior ISSO staff, assisting with security control assessments, security documentation development and maintenance, and day-to-day information security support activities.
Principal responsibilities will include but are not limited to:
Education and Experience:
Required:
Desired:
Required Skills and Competencies:
Desired Skills and Competencies:
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com .
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking a motivated and detail-oriented Junior Information Systems Security Officer (ISSO) / Control Evaluator to support the U.S. Small Business Administration (SBA). The ideal candidate is an early-career information security professional with a foundational understanding of federal information security requirements, security control frameworks, and the NIST Risk Management Framework (RMF). This individual will work under the guidance of senior ISSO and security authorization staff to support the security authorization and continuous monitoring of SBA's information systems, gaining hands-on experience in federal cybersecurity compliance and security control assessment activities.
The Junior ISSO/Control Evaluator will support the security authorization and continuous monitoring of SBA's information systems under the direction of mid-level and senior ISSO staff, assisting with security control assessments, security documentation development and maintenance, and day-to-day information security support activities.
Principal responsibilities will include but are not limited to:
- Support senior ISSO staff in fulfilling Information Systems Security Officer responsibilities for assigned SBA information systems, providing day-to-day information security assistance and administrative support to system owners, program teams, and IT staff.
- Assist in supporting the NIST Risk Management Framework (RMF) lifecycle for assigned systems, including security categorization, security control selection and tailoring reviews, security control implementation documentation, security control assessment support, and continuous monitoring activities under the direction of senior security staff.
- Assist in the development, maintenance, and updating of security authorization documentation for assigned systems, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Risk Assessment Reports (RARs), and other ATO package artifacts in accordance with NIST SP 800-53 and SBA security documentation standards.
- Support the conduct of security control assessments for assigned systems, assisting senior assessors in applying NIST SP 800-53A assessment procedures to evaluate the design, implementation, and operational effectiveness of security controls, and contributing to the documentation of assessment findings in Security Assessment Reports (SARs).
- Assist in the development and maintenance of POA&M items for assigned systems, supporting the tracking of identified security weaknesses and compliance deficiencies, coordinating with system owners and IT teams on remediation activities, and maintaining accurate and current POA&M records.
- Support continuous monitoring activities for assigned systems, assisting in the collection, review, and analysis of security control assessment results, vulnerability scan findings, configuration compliance data, and other security-relevant information to support the assessment of ongoing system security posture.
- Assist in the review and analysis of vulnerability scan results for assigned systems, supporting senior ISSO staff in assessing the severity of identified vulnerabilities, tracking remediation activities, and maintaining accurate vulnerability management records.
- Support the preparation of security authorization packages for assigned systems, assisting in the compilation and quality review of ATO documentation to ensure completeness, accuracy, and alignment with SBA and federal documentation standards.
- Assist system owners, developers, and IT operations teams in understanding and implementing security requirements for assigned systems, providing basic technical guidance and information on NIST SP 800-53 security controls under the supervision of senior ISSO staff.
- Support the review and documentation of proposed system changes and configuration changes for assigned systems, assisting in the assessment of potential security impacts under the guidance of senior security staff.
- Assist in incident response coordination activities for assigned systems, supporting the collection and documentation of security incident information and facilitating communication between system owners and the SOC and incident response team.
- Support the development and maintenance of system-level security documentation for assigned systems, including configuration management plans, incident response plans, contingency plans, and other system security documentation, ensuring records remain current and accurate.
- Assist in preparing for and supporting third-party security assessments, OIG audits, and other external evaluations, supporting the collection, organization, and quality review of required evidence and supporting documentation.
- Participate in security training, professional development activities, and knowledge-sharing sessions to build foundational expertise in federal information security, RMF processes, and ISSO responsibilities.
- Contribute to the continuous improvement of SBA's security authorization and continuous monitoring program by identifying documentation inconsistencies, process inefficiencies, and areas for quality improvement, and communicating observations to senior staff.
Education and Experience:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, or a related field from an accredited college or university.
- 1-3 years of experience in information security, IT, or a related field, with demonstrated exposure to federal information security concepts, NIST frameworks, or security authorization activities.
- Basic familiarity with the NIST Risk Management Framework (RMF) process and federal information security documentation requirements.
- One or more of the following certifications:
- CompTIA Security+
- CompTIA CySA+
- GIAC Security Essentials (GSEC)
- Systems Security Certified Practitioner (SSCP)
- CompTIA A+ or Network+ (with demonstrated interest and coursework in cybersecurity)
Desired:
- 2+ years of experience in an information security, IT, or cybersecurity-related role, with hands-on exposure to federal security authorization, RMF documentation, or security control assessment activities.
- Prior internship, academic project, or work experience supporting federal government information security or cybersecurity compliance programs.
- Certified Authorization Professional (CAP) / ISC2 Certified in Governance, Risk and Compliance (CGRC) certification or active pursuit of same.
Required Skills and Competencies:
- Strong communication skills in English - both written and oral - with the ability to clearly communicate information security concepts, documentation status, and findings to peers, senior staff, and non-technical stakeholders under the guidance of senior ISSO personnel.
- Foundational understanding of the NIST Risk Management Framework (RMF) process, including the purpose and activities associated with each step of the RMF lifecycle (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor).
- Basic working knowledge of NIST SP 800-53 security and privacy controls, including the ability to read and interpret control requirements and assist in the documentation of control implementation descriptions within SSPs and related authorization artifacts.
- Familiarity with federal security authorization documentation types and their purpose, including SSPs, SARs, POA&Ms, RARs, and other ATO package components.
- Basic understanding of federal cybersecurity compliance requirements, including FISMA, OMB Circular A-130, FIPS 199, FIPS 200, and the role of these requirements in shaping ISSO responsibilities and security authorization activities.
- Foundational knowledge of vulnerability management concepts, including an understanding of common vulnerability scoring systems (CVSS) and the ability to assist in the review and interpretation of vulnerability scan results under senior staff guidance.
- Basic familiarity with continuous monitoring concepts and the role of ongoing security assessments, vulnerability scanning, and configuration compliance monitoring in maintaining the security posture of federal information systems.
- Strong attention to detail and organizational skills, with the ability to assist in managing multiple documentation and administrative tasks across assigned systems accurately and efficiently
- Demonstrated ability and willingness to work collaboratively under the direction of senior staff in a team-oriented environment, actively seeking guidance and applying feedback to improve work quality and professional growth.
- Basic familiarity with common IT concepts, including networking fundamentals, operating systems, and application security, as they relate to the implementation and assessment of security controls
- Strong work ethic, intellectual curiosity, and commitment to continuous learning and professional development in the field of federal information security and cybersecurity compliance.
- Ability to obtain and maintain a Public Trust Clearance.
Desired Skills and Competencies:
- Prior experience or academic coursework related to federal information security, NIST RMF, security control frameworks, or cybersecurity compliance, demonstrating a foundational understanding of federal security authorization concepts and processes.
- Familiarity with cloud computing concepts and basic cloud security principles, including an awareness of the security implications of cloud service adoption and FedRAMP authorization requirements within federal environments.
- Basic familiarity with GRC platforms and tools used for managing RMF documentation and POA&M tracking within federal environments, such as CSAM, Archer, or ServiceNow GRC.
- Knowledge of privacy control requirements and their relationship to ISSO responsibilities, including a basic understanding of NIST SP 800-53 privacy controls and federal privacy laws and guidance.
- Familiarity with the CDM (Continuous Diagnostics and Mitigation) program and its role in supporting continuous monitoring and cybersecurity compliance activities within federal civilian agencies.
- Basic scripting or automation skills, such as familiarity with Python or PowerShell, with an interest in applying automation to improve the efficiency of security documentation and assessment support activities.
- Familiarity with Agile and DevSecOps methodologies and an awareness of their implications for security authorization and ISSO responsibilities within iterative software development environments.
- Demonstrated interest in pursuing advanced cybersecurity certifications, such as the Certified Authorization Professional (CAP)/CGRC, CISSP, or CISM, as part of a long-term professional development plan
- Experience using Microsoft Office Suite tools, including Word, Excel, and PowerPoint, to develop, maintain, and present security documentation and program reports effectively
- Participation in cybersecurity competitions, academic research, professional associations, or other extracurricular activities demonstrating a genuine passion for information security and a commitment to professional growth in the field.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com .
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473