• Information Systems Security Officer

    Location US-Washington, DC
    Posted Date 3 weeks ago (10/4/2018 7:56 AM)
    Job Code
    DJOB
    Clearance Required
    Top Secret SCI
  • Position Summary

    Avineon, Inc. is looking to add to our dynamic and varied team of security professionals. We are seeking a qualified Information Systems Security Officer (ISSO) with 10+ years of experience in information security, security assessment and authorization (SA&A), security policy and procedures, continuous monitoring, auditing, security compliance monitoring, and network engineering using best practices in an enterprise environment.

     

    The successful candidate will have specialized experience in such areas as IT security program management for the federal government with an emphasis on intelligence community (IC) support. This includes in-depth knowledge of applicable laws and regulations, including intelligence community directives (ICDs); development of policy, procedures, and technical standards; IT security operations; and compliance monitoring.

    Duties & Responsibilities

    The ISSO shall provide:

    • Analysis of security findings, scan results, issues and plans.
    • Interpretation and clarification of security policy, guidance and new or changing policy requirements, including FISMA, NIST, ICD and CNSSI No. 1253.
    • Recommendation for action(s) to resolve or mitigate known weaknesses, or for preventive measures and safeguards for potential threats.
    • Status monitoring for Plans of Action and Milestones (POA&M), and other applicable action plans designed to resolve known weaknesses or prevent potential threats.
    • Guidance in resolving known system weaknesses according to available enterprise-level plans or solutions.
    • Situational awareness through notification of enterprise security issues, solutions, projects and plans that may impact the assigned system(s).
    • Continuous monitoring of NIST and CNSSI security controls.

     

    The ISSO shall be responsible for:

    • Coordination of activities that facilitate confidentiality, integrity, and availability of assigned systems and applications.
    • Accomplishing duties through planning, analysis, development, implementation, maintenance, and enhancement of the clients’ Cybersecurity information systems security programs, policies, procedures, and tools consistent with Department of Treasury, FISMA, ICD and NIST guidelines.
    • Assisting the SAISO/CISO/ISSM in identifying, implementing, and assessing the common security controls.
    • Actively supporting the development and maintenance of the system security plan, to include coordinating system changes with the information system owner and assessing the security impact of those changes.
    • Performing and/or providing oversight and guidance for day-to-day security activities for assigned systems.
    • Developing or assisting in development of system security policy.
    • Analyzing the IT security environment and developing threat and vulnerability assessments.
    • Configuring, testing, and evaluating hardware and software products to enhance information security.
    • Analyzing network and system intrusions, breaches, and other information security incidents in support of IT security incident response.
    • Documenting business requirements.
    • Performing risk assessments.
    • Supporting investigations and audits by utilizing IT review and IT forensics procedures.
    • Participating in business process reviews supporting business process engineering and re-engineering.
    • Conducting assessments on identified systems based on standards and guidelines; validating assessed data.
    • Conducting SA&A of IT systems.
    • Writing comprehensive assessment, review, audit and investigation reports outlining methodology, analysis, and recommendations.

    Education - Experience & Skills Required

    Preferred Experience/Skills:

    • Expert in systems security monitoring and scanning tools including but not limited to McAfee ePO, Nessus/Tenable, Tripwire, SourceFire, Splunk, ACAS, and HBSS.
    • Ten-plus years’ experience in IT security, with extensive knowledge of the field.
    • 15 years progressive IT experience.
    • Knowledge of federal policies and guidelines such as ICD, FISMA and Homeland Security Policy Directives.
    • Knowledge of Treasury security guidelines.
    • Knowledge of NIST and ICD documents, standards, and guidelines.
    • Knowledge of the SA&A process of information systems as per NIST 800-37 and related standards.
    • Understand/Create Security Awareness Program as per NIST 800-50.
    • Understand incident prevention and response as per NIST guidelines.
    • Understand HSPD-12 and the requisite NIST and FIPS standards (201).
    • Complete understanding of NIST SP 800-53, SP 800-53A, and CNSSI No. 1253.

     

    The ideal candidate will also have the following qualifications:

    • Strong interpersonal skills and teamwork skills.
    • Strong requirements gathering, analysis, and organization skills.
    • Strong technical writing skills.
    • Experience using system development life cycle methodology.
    • CISSP or other certification.
    • Program Management Professional (PMP).

     

    Education Required: Bachelor’s degree in computer science, information systems, engineering, or other related discipline.

     

    Clearance: Must be a US citizen with a Top Secret security clearance with SCI access. All members of their immediate family and members of their household must be US citizens.

     

     

    Avineon is an Equal Opportunity/Affirmative Action Employer. We provide equal employment opportunities to all applicants and employees without regard to race, color, religion, gender, national origin, age, disability, or genetic information.
