Information Systems Security Officer (ISS0)
- Job Title
- Information Systems Security Officer (ISS0)
- Job ID
- Herndon, VA, VA
- Other Location
Information System Security Officer (ISSO) - Senior
Every day at Perspecta, we enable hundreds of thousands of people to take on our nation’s most important work. We are a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation’s most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselves—to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers.
Perspecta is currently seeking an ISSO on an existing cloud based DOD application. SECRET CLEARANCE REQUIRED AND CISSP or CISM CERTIFICATION ALSO REQUIRED.
The position is key and has contract required experience.
The Cloud ISSO responsibilities include, but are not limited to:
- Serving as the Information Assurance Section cloud subject matter expert for the A&A and Continuous Monitoring processes
- Providing security requirements analysis of cloud architectures and designs
- Identify cloud architecture development best practices and applying security best practices to that architecture
- Identifying technical gaps and providing solution recommendations for cloud services acquisition, development, migration, implementation, and monitoring
- Explaining cloud security controls/requirements and guidance to the System Owners and System Teams and recommending implementation strategies
- Identifying cloud vulnerabilities and recommending mitigation alternatives for POA&M items
- Reviewing cloud security test results to identify weaknesses, technical flaws, and vulnerabilities
- Reviewing cloud SLAs for compliance to requirements
- Recommending technical process improvements for the A&A process
- Represent the client as the cloud security consulting SME
Education and Experience Required:
- 4-8 years of security engineering in a similar IT environment with an emphasis in vulnerability assessments, incident and risk management. Candidate must possesses a bachelors degree in Information Systems Security certification or equivalent experience. Candidate must also posses a recognized security processional certification (CISSP, CISM, or other).
Knowledge and Skills Required:
- Provide cybersecurity support for the Total Ammunition Management System (TAMIS) through the Army’s Risk Management Framework (RMF) Assessment and Authorization (A&A) process using the Enterprise Mission Assurance Support Service (eMASS).
- Implement security practices displaying best practices in software engineering methodologies, system/security engineering principles, secure design, secure architecture with applicable experience in all these areas.
- Designed and developed the Security Architecture and Network for the TAMIS migration to Amazon Web Services (AWS) GovCloud.
- Developed and implemented RMF Cybersecurity Policies, Processes, Procedures, and Technical Controls for TAMIS to attain Authorization to Operate (ATO) and become the first cloud-based Army system to be fully accredited and operational.
- Work as the liaison between Army G-3/5/7 and third parties (i.e. NETCOM, DISA Cloud Access Point, DISA Internet Access Point, ARL, AWS, Akamai Technologies) to ensure proper implementation of security controls and maintain compliance.
- Manage program and cybersecurity risks, the Cybersecurity Workforce (CSWF) Improvement Program, third-party software licensing, Cybersecurity Service Providers (CSSP), and software development support applications (Visual Studio, SharePoint, TFS, etc.) for the TAMIS project.
- Responsible for managing and training junior ISSOs/ISSEs supporting the program.
- Developed and implemented continuous monitoring practices to ensure ongoing compliance with FedRAMP High, FISMA High, DoD and Army security controls.
- Performed security scans of servers using DoD approved tools (ACAS, SCAP, Veracode, etc.)
- Completed STIG Checklists to ensure proper security configurations of operating systems and databases
- Worked with developers and System Administrator to correct findings from security scans and STIGS checklist
#isso #informationsecurity #governmentjobs