Information System Security Officer (ISSO) - Senior

Herndon, Virginia

Description

The Cloud ISSO responsibilities include, but are not limited to:

• Serving as the Information Assurance Section cloud subject matter expert for the A&A and Continuous Monitoring processes
• Providing security requirements analysis of cloud architectures and designs
•  Identify cloud architecture development best practices and applying security best practices to that architecture
• Identifying technical gaps and providing solution recommendations for cloud services acquisition, development, migration, implementation, and monitoring
• Explaining cloud security controls/requirements and guidance to the System Owners and System Teams and recommending implementation strategies
• Identifying cloud vulnerabilities and recommending mitigation alternatives for POA&M items
• Reviewing cloud security test results to identify weaknesses, technical flaws, and vulnerabilities
• Reviewing cloud SLAs for compliance to requirements
• Recommending technical process improvements for the A&A process
• Represent the client as the cloud security consulting SME

Education and Experience Required:

• 4-8 years of security engineering in a similar IT environment with an emphasis in vulnerability assessments, incident and risk management.  Candidate must possesses a bachelors degree in Information Systems Security certification or equivalent experience.  Candidate must also posses a recognized security processional certification (CISSP, CISM, or other).  

Knowledge and Skills Required:

• Provide cybersecurity support for the Total Ammunition Management System (TAMIS) through the Army’s Risk Management Framework (RMF) Assessment and Authorization (A&A) process using the Enterprise Mission Assurance Support Service (eMASS).
• Implement security practices displaying best practices in software engineering methodologies, system/security engineering principles, secure design, secure architecture with applicable experience in all these areas.
• Designed and developed the Security Architecture and Network for the TAMIS migration to Amazon Web Services (AWS) GovCloud.
• Developed and implemented RMF Cybersecurity Policies, Processes, Procedures, and Technical Controls for TAMIS to attain Authorization to Operate (ATO) and become the first cloud-based Army system to be fully accredited and operational.
• Work as the liaison between Army G-3/5/7 and third parties (i.e. NETCOM, DISA Cloud Access Point, DISA Internet Access Point, ARL, AWS, Akamai Technologies) to ensure proper implementation of security controls and maintain compliance.
• Manage program and cybersecurity risks, the Cybersecurity Workforce (CSWF) Improvement Program, third-party software licensing, Cybersecurity Service Providers (CSSP), and software development support applications (Visual Studio, SharePoint, TFS, etc.) for the TAMIS project.
• Responsible for managing and training junior ISSOs/ISSEs supporting the program.
• Developed and implemented continuous monitoring practices to ensure ongoing compliance with FedRAMP High, FISMA High, DoD and Army security controls.
• Performed security scans of servers using DoD approved tools (ACAS, SCAP, Veracode, etc.)
• Completed STIG Checklists to ensure proper security configurations of operating systems and databases
• Worked with developers and System Administrator to correct findings from security scans and STIGS checklist

#isso #informationsecurity #governmentjobs