Information Systems Security Officer (ISSO)


Perspecta


Posted Under: Washington, DC jobs in IT / Software / Systems; IT / Software / Systems jobs in zipcode 20599
Posted On: 2019-02-12

Overview



Every day at Perspecta, we enable hundreds of thousands of people to take on our nation's most important work. We're a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation's most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselves to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers.

Perspecta works with U.S. government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many ways, not only through competitive salaries and benefits packages, but the opportunity to create a meaningful impact in jobs and on projects that matter.

Perspecta's talented and robust workforce, 14,000 strong, stands ready to welcome you to the team. Let's make an impact together.

Perspecta is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories



Responsibilities



Top Secret clearance required

Job Description:

The candidate will ensure that the appropriate operational security posture is maintained for assigned Information Systems (IS) under his/her purview and will work in close collaboration with the Information Systems Security Manager (ISSM), the Information System Owner (ISO), and other IS stakeholders. The candidate will ensure that cyber security requirements are effectively integrated into the IS operations, management, and documentation. The candidate will provide critical systems, application and infrastructure support to our customer. The candidate will have the opportunity to work with a team of ISSOs across multiple technical areas, on various system classification types and categorizations, as well as have the opportunity to collaborate with a diverse group of security professionals. Responsibilities include, but are not limited to:



  • Work in close coordination with all system stakeholders
  • Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system)
  • Develop or modify implementation and design documents describing how security features are implemented
  • Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions
  • Track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
  • Responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness, and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
  • Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
  • Create security policies and maintain existing information system security documentation
  • Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package
  • Work with the Information Assurance (IA) team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
  • Participate in the change management process, including reviewing Requests for Change (RFC) and assisting in the assessment of a potential change's security impact
  • Conduct daily, weekly and monthly audit review and management of the audit collection system
  • Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program
  • Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, assessing applicability to existing systems, and ensuring closure
  • Provide direction and guidance to less experienced IA personnel
  • Remain sensitive to security infractions and assist in security investigations and responses as requested
  • Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage



Qualifications

Requires 16+ years with BS/BA or 14+ years with MS/MA or 10+ years with Ph.D.

  • A minimum of five (5) years of work experience in computer science or cyber security-related field.
  • Active Top Secret clearance, and SCI capable
  • Strong background and extensive experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices, particularly within the Department of Justice.
  • Extensive background with DITSCAP/DIACAP may be substituted in some cases.
  • Certified in at least one of the following certifications exemplifying DoD 8570.1 IAM level III proficiency during the life of the contract:
    • International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP),
    • Global Information Assurance Certification (GIAC) Information Security Professional (GISP),
    • Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP) or other
  • Bachelor's or advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.
  • Familiarity with the use and operation of tools such as Tenable's Nessus and/or Security Center, IBM Guardium, HP WebInspect, AppDetect, Network Mapper (NMAP), or like applications;
  • Knowledge and experience with security efforts related to Windows, Linux, Solaris, VMware, Cisco, Juniper, SQL, and Oracle.
  • Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end-point protection
  • Analytical skills, with the capacity to quantify and/or qualify risks as they relate to the enterprise systems
  • Good communications skills, both in writing and orally
