Job highlights
Identified by Google from the original job post
Qualifications
Certified Advanced Security Professional (CASP+)
CAP - Certified Authorization Professional
CISA - Certified Information Systems AuditorCertified Advanced Security Professional (CASP+)
Certified Advanced Security Professional (CASP+)
CAP - Certified Authorization Professional
CISA - Certified Information Systems AuditorCertified Advanced Security Professional (CASP+)
Education, Background, and Years of Experience
Bachelor Degree in Computer Science, IT, Information/Cyber Security field from an accredited college or university
Must have a Secret Clearance
In addition to the specific clearance requirement, all personnel supporting DHS must have a current background investigation (BI) or obtain a favorable BI before joining the program
Minimum of 7 years of experience or BS degree Science, Technology, Engineering, Math or related field and 5+ years of professional experience in information assurance or compliance
Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
Knowledge with auditing security controls and financial processes
Superior writing, communication and critical analysis skills
Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
Advanced Experience/Knowledge with the following:
NIST SP 800-37 Risk Management Framework security assessment and authorization (AA) processes
NIST 800-53 security controls and required documentation
Security controls (i.e
NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
Maximum lifting, occasional lift/carry of small articles
Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met
Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse)
Honest - Be Trustworthy
Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support
Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task
Responsibilities
The selected candidate will apply experience as an ISSO by evaluating the clients Information Systems being introduced to the environment to determine if they meet the required security standards and are authorized to operate within the network, using the NIST Risk Management Framework (RMF) or similar methodologies
Manage overall security related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles
Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POAMs, and other relevant security documentation for existing and new systems
Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance
Use workflows to develop security artifacts
Document, organize and implement security control requirements
Identify current and new risks
Prepare vulnerability test plans and coordinate the testing and result procedures
Assess customer based solutions and provide recommendations for any improvements to current security posture
Ability to review and write security related policies and procedures
Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
POAM Management and Risk Management Framework (RMF)
Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
Reviewing vulnerability scan results
Hybrid to Ashburn, VA - 2/3 day a week (subject to change at the client's discretion)
Sedentary - 10 lbs
Some occasional walking or standing may be required
Job description
At Agile Defense we know that action defines the outcome and new challenges require new solutions. That's why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.
Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility-leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation's vital interests.
Requisition #: 754
Job Title: Information System Security Officer
Location: Hybrid to Ashburn, VA
Clearance Level: Active - Secret
Required Certification(s): One of the following:
• Certified Advanced Security Professional (CASP+)
• CAP - Certified Authorization Professional
• CISA - Certified Information Systems AuditorCertified Advanced Security Professional (CASP+)
SUMMARY
The selected candidate will apply experience as an ISSO by evaluating the clients Information Systems being introduced to the environment to determine if they meet the required security standards and are authorized to operate within the network, using the NIST Risk Management Framework (RMF) or similar methodologies. Manage overall security related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
JOB DUTIES AND RESPONSIBILITIES
• Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POAMs, and other relevant security documentation for existing and new systems
• Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance
• Use workflows to develop security artifacts
• Document, organize and implement security control requirements
• Identify current and new risks
• Prepare vulnerability test plans and coordinate the testing and result procedures
• Assess customer based solutions and provide recommendations for any improvements to current security posture
• Ability to review and write security related policies and procedures
QUALIFICATIONS
Required Certifications: One of the following:
• Certified Advanced Security Professional (CASP+)
• CAP - Certified Authorization Professional
• CISA - Certified Information Systems AuditorCertified Advanced Security Professional (CASP+)
Education, Background, and Years of Experience
• Bachelor Degree in Computer Science, IT, Information/Cyber Security field from an accredited college or university
ADDITIONAL SKILLS QUALIFICATIONS
Required Skills
• Must have a Secret Clearance. In addition to the specific clearance requirement, all personnel supporting DHS must have a current background investigation (BI) or obtain a favorable BI before joining the program.
• Minimum of 7 years of experience or BS degree Science, Technology, Engineering, Math or related field and 5+ years of professional experience in information assurance or compliance.
• Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
• Knowledge with auditing security controls and financial processes
• Superior writing, communication and critical analysis skills
• Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
• Advanced Experience/Knowledge with the following:
• NIST SP 800-37 Risk Management Framework security assessment and authorization (AA) processes
• NIST 800-53 security controls and required documentation
• Security controls (i.e. NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
• Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
• Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
• POAM Management and Risk Management Framework (RMF)
• Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
• Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
• Reviewing vulnerability scan results
Preferred Skills
• ISC2 Certified Cloud Security Professional certification (CCSP)
• Familiar with IT system administration/engineering
WORKING CONDITIONS
Environmental Conditions
• Hybrid to Ashburn, VA - 2/3 day a week (subject to change at the client's discretion).
Strength Demands
• Sedentary - 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Physical Requirements
• Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse).
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together.
What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.
We also believe in supporting our employees by offering a competitive and comprehensive benefits package. To explore the benefits we offer, please visit our website under the Careers section.
Happy - Be Infectious.
Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.
Helpful - Be Supportive.
Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.
Honest - Be Trustworthy.
Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.
Humble - Be Grounded.
Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.
Hungry - Be Eager.
Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.
Hustle - Be Driven.
Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35 (c)
Read more
