Job Description Information Systems Security Officer (ISSO) - ( THE00006K ) **Serve as an ISSO supporting application development risk management framework processes for DoD and IC applications.**

**Duties/Tasks and Responsibilities:**

Ensures that system security requirements are addressed during all phases of the information systems lifecycle.

Develops and maintains security Risk Management Framework (RMF) documents, including SSPs, CONOPS, Test Plans, SCTMs and other system security documentation

Conducts reviews and updates security documentation, e.g. review and update IAW continuous monitoring and federally mandated auditing requirements.

Supports and cooperates with internal risk assessments and security impact analysis.

Authors or coordinates the development of other required system security plans: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).

Supports and executes Continuous Monitoring Strategy for assigned systems.

Familiar with documenting and submitting Supply Chain Risk Management (SCRM) requirements.

Ensures compliance with annual FISMA deliverables and reporting.

Investigates any information technology or system security related incidents.

Ensures that assigned information systems are operated, maintained and decommissioned of in accordance with approved security policies and practices.

Be able to identify STIGs, SRGs and/or Hardening Guides with Control Implementations.

Supports internal system testing and the resulting problem determination and resolution process.

Requests or conducts required information system vulnerability scans in accordance to establish policy; Develop system POA&Ms in response to reported vulnerabilities.

#cjcyber

Must be DoD IAT Level 2 (CySA+ , Security+ CE etc.).

Experience performing ISSO duties within the Intelligence Community.

Knowledge of information security engineering, design concepts and related principles

Extensive knowledge and experience with current information security standards, policies and practices NIST, CNSS, FISMA, DOD, , etc.

Familiar with Splunk regarding audit search, analysis and reporting.

Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management.

Familiar with Security Content Automation Protocol (SCAP) scan, vulnerability assessment tools (NESSUS/ACAS, Prism (Twistlock), etc.) and analyzing the reports generated from these tools.

Authors or coordinates the development of the Authorization Boundary Diagram to include providing inputs on the adequacy of security designs and architectures.

Desired Skills

DoD IAT Level 3 - Industry certifications such as CISSP, CEH, CASP, etc. are preferred.

Experience working with AWS and Docker containerization technologies

Physical Requirements:

Most work will be done at a desk or computer.

Work Environment:

General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.

Equipment & Machines:

General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.

Attendance:

Attendance is critical at all times. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.

Other Essential Functions:

Must be able to communicate effectively both verbally and in writing

Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.

Must be able to interface with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citizen.

**Primary Location**

: United States-Virginia-Reston