Information Systems Security Officer (ISSO)
Bering Straits Native Corporation (BSNC), is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support.
BSNC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost effective professional services and solutions.
We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce.
We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.
), paid leave, 401k plan and more.
We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.
Job Description:
The ideal candidate will serve as an Information Systems Security Officer (ISSO) in the Office of the Chief Information Security Officer (CISO) of a large federal government client.
The selected individual will guide system owners, designated IT security personnel in the program offices, and other staff in fulfilling Federal Information Security Management Act (FISMA) requirements.
The ISSO works to analyze, plan, and execute the work necessary to ensure the confidentiality, integrity and availability of the federal client's IT systems, network, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures and tools.
Responsibilities:
Plan, develop, and conduct security testing including vulnerability and compliance scans.
Analyze and assess results based on risk to client's information systems.
Lead remediation efforts for legitimate vulnerabilities and document false-positives or deviations from client's security policy and federal guidelines.
Plan, develop, and conduct contingency plan testing, training, and exercises for client's information systems in accordance with client's IT security policies and System Security Plan (SSP).
Utilize test results to update and improve information system contingency planning.
Lead and facilitate meetings with system owners and technical personnel to categorize IT systems, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines.
Monitor and review Security Assessments and Authorizations (SA&A) including security testing and evaluations to ensure adherence to client's security policy as well as FISMA and NIST requirements.
Perform updates and maintain baselines for System Security Plans and other Security Assessment and Authorization artifacts.
Review and analyze information system audit records for unusual or potentially unauthorized activity.
Conduct investigations into activities which are in violation of system and organization security policies.
Participate in internal and external reviews, inspections, and audits to ensure compliance with federal laws and client's security policy.
Provide expert security advice to system development organizations to ensure adequate security controls are included in each system lifecycle phase.
Incorporate organizational continuous monitoring solutions into information system operations.
Ensure compliance with client's continuous monitoring policies and procedures.
Develop and implement Plans of Action & Milestones (POA&Ms) where and when security controls are insufficient.
Provide IT security policy guidance to client's executive management, staff, and contract partners and suppliers.
Conduct risk assessments to identify and mitigate risk to IT systems, facilities, and critical assets.
Evaluate and assess network security configurations and recommend corrective actions to mitigate identified deficiencies.
REQUIRED SKILLS:
Moderate-level understanding of basic computer and networking technologiesModerate-level understanding of IT security principles, technologies, best practices, and NIST guidanceExcellent communications skills.
Ability to communicate with senior management and federal client staff - both technical and non-technical - in a clear and concise manner using proper spelling, punctuation and grammar.
Mastery of federal IT security laws such as the Federal Information Security Management Act (FISMA), policies, regulations, requirements, Executive Orders and Presidential Decision Directives such as EO 13556, HSPD12, OMB Memos M-06-16, and M-07-16; NIST 800 series, the federal IT security and incident reporting hierarchy.
Knowledge and experience with the Risk Management Framework (RMF), Assessment and Authorization (A&A), SSP Development, and conducting audits of security controls.
Knowledge and experience with IT security theories, concepts, best practices, and emerging issues; the infrastructure protection environment; new IT security developments; and project management theory and techniques.
Knowledge and experience protecting the confidentiality, integrity and available of sensitive and critical information systemsKnowledge and.
experience in categorizing systems per current NIST guidelines, defining system boundaries and identifying minimum and supplementary security controls to protect sensitive and critical IT systems.
Knowledge and experience of IT security methods for protecting sensitive information in cloud environments.
Ability to perform risk assessments to identify and mitigate risk to IT systems, facilities and critical assets.
Knowledge and experience performing network security vulnerability assessmentsAbility to develop and conduct contingency plan testing, training and exercises and to utilize test results to update and improve Information system contingency plans.
Ability to develop solutions involving IT architecture and security.
Knowledge and experience with all areas of the System Development Lifecycle (SDLC) of IT systems.
TCP/IP stackWindows operating systemsLinux/Unix-based operating systemsNetworking technologies (routing, switching, VLANs, subnets, firewalls)Common networking protocols - SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc Common enterprise technologies - Active Directory, Group Policy, VMware vSphereLogical Access ControlPKI and other encryption methodNetwork-based and host-based IDS/IPSSecurity configuration baselines - DISA STIG, NIST USGCBAuditingVulnerability discovery and managementNIST SP 800-53 rev.
4 control
Qualifications:
Penetration testing experienceAPT-related incident response experienceBachelor's Degree or higher in information technology or information security-related fieldInterest in security/hacking culture.
Ability to think like an attackerCertifications of interest:
Security+Certified Ethical Hacker (CEH)Certified Information System Security Professional (CISSP)Certified Authorization Professional (CAP)Project Management Professional (PMP) CLEARANCE REQUIREMENTS:
Public Trust or the ability to obtain and maintain a Public Trust clearance.
(Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Accordingly, US Citizenship is required.
) - provided by Diceby Jobble.
Estimated Salary: $20 to $28 per hour based on qualifications.
BSNC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost effective professional services and solutions.
We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce.
We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.
), paid leave, 401k plan and more.
We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.
Job Description:
The ideal candidate will serve as an Information Systems Security Officer (ISSO) in the Office of the Chief Information Security Officer (CISO) of a large federal government client.
The selected individual will guide system owners, designated IT security personnel in the program offices, and other staff in fulfilling Federal Information Security Management Act (FISMA) requirements.
The ISSO works to analyze, plan, and execute the work necessary to ensure the confidentiality, integrity and availability of the federal client's IT systems, network, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures and tools.
Responsibilities:
Plan, develop, and conduct security testing including vulnerability and compliance scans.
Analyze and assess results based on risk to client's information systems.
Lead remediation efforts for legitimate vulnerabilities and document false-positives or deviations from client's security policy and federal guidelines.
Plan, develop, and conduct contingency plan testing, training, and exercises for client's information systems in accordance with client's IT security policies and System Security Plan (SSP).
Utilize test results to update and improve information system contingency planning.
Lead and facilitate meetings with system owners and technical personnel to categorize IT systems, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines.
Monitor and review Security Assessments and Authorizations (SA&A) including security testing and evaluations to ensure adherence to client's security policy as well as FISMA and NIST requirements.
Perform updates and maintain baselines for System Security Plans and other Security Assessment and Authorization artifacts.
Review and analyze information system audit records for unusual or potentially unauthorized activity.
Conduct investigations into activities which are in violation of system and organization security policies.
Participate in internal and external reviews, inspections, and audits to ensure compliance with federal laws and client's security policy.
Provide expert security advice to system development organizations to ensure adequate security controls are included in each system lifecycle phase.
Incorporate organizational continuous monitoring solutions into information system operations.
Ensure compliance with client's continuous monitoring policies and procedures.
Develop and implement Plans of Action & Milestones (POA&Ms) where and when security controls are insufficient.
Provide IT security policy guidance to client's executive management, staff, and contract partners and suppliers.
Conduct risk assessments to identify and mitigate risk to IT systems, facilities, and critical assets.
Evaluate and assess network security configurations and recommend corrective actions to mitigate identified deficiencies.
REQUIRED SKILLS:
Moderate-level understanding of basic computer and networking technologiesModerate-level understanding of IT security principles, technologies, best practices, and NIST guidanceExcellent communications skills.
Ability to communicate with senior management and federal client staff - both technical and non-technical - in a clear and concise manner using proper spelling, punctuation and grammar.
Mastery of federal IT security laws such as the Federal Information Security Management Act (FISMA), policies, regulations, requirements, Executive Orders and Presidential Decision Directives such as EO 13556, HSPD12, OMB Memos M-06-16, and M-07-16; NIST 800 series, the federal IT security and incident reporting hierarchy.
Knowledge and experience with the Risk Management Framework (RMF), Assessment and Authorization (A&A), SSP Development, and conducting audits of security controls.
Knowledge and experience with IT security theories, concepts, best practices, and emerging issues; the infrastructure protection environment; new IT security developments; and project management theory and techniques.
Knowledge and experience protecting the confidentiality, integrity and available of sensitive and critical information systemsKnowledge and.
experience in categorizing systems per current NIST guidelines, defining system boundaries and identifying minimum and supplementary security controls to protect sensitive and critical IT systems.
Knowledge and experience of IT security methods for protecting sensitive information in cloud environments.
Ability to perform risk assessments to identify and mitigate risk to IT systems, facilities and critical assets.
Knowledge and experience performing network security vulnerability assessmentsAbility to develop and conduct contingency plan testing, training and exercises and to utilize test results to update and improve Information system contingency plans.
Ability to develop solutions involving IT architecture and security.
Knowledge and experience with all areas of the System Development Lifecycle (SDLC) of IT systems.
TCP/IP stackWindows operating systemsLinux/Unix-based operating systemsNetworking technologies (routing, switching, VLANs, subnets, firewalls)Common networking protocols - SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc Common enterprise technologies - Active Directory, Group Policy, VMware vSphereLogical Access ControlPKI and other encryption methodNetwork-based and host-based IDS/IPSSecurity configuration baselines - DISA STIG, NIST USGCBAuditingVulnerability discovery and managementNIST SP 800-53 rev.
4 control
Qualifications:
Penetration testing experienceAPT-related incident response experienceBachelor's Degree or higher in information technology or information security-related fieldInterest in security/hacking culture.
Ability to think like an attackerCertifications of interest:
Security+Certified Ethical Hacker (CEH)Certified Information System Security Professional (CISSP)Certified Authorization Professional (CAP)Project Management Professional (PMP) CLEARANCE REQUIREMENTS:
Public Trust or the ability to obtain and maintain a Public Trust clearance.
(Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Accordingly, US Citizenship is required.
) - provided by Diceby Jobble.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
