ISSO - ACTIVE SECRET CLEARANCE REQUIRED
Primary Responsibilities:
Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
All other duties as assigned by management.
Education/Experience Requirements:
Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or a related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
Minimum of six (6) years of experience in information security/information assurance.
Minimum of five (5) years of experience with the Risk Management Framework (RMF).
Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.