The selected candidate will serve as an Information System Security Officer (ISSO)/alternate ISSO for a major Federal IT application and Information system. They will be responsible for conducting structured security certification and accreditation activities utilizing the Xacta IA Manager Assessment Engine. As a member of the Security Team, the candidate will lead the review of technical, management and operational security controls in accordance with the National Institute of Standards and Technology (NIST) to ensure the completeness and effectiveness of the IT system’s information technology and security solutions.
Establish and maintain unclassified computer accounts, and provide briefings related to all new system user accounts
Conduct periodic self-inspections of facilities and computer systems to ensure compliance with accreditation/certification documentation packages for approved systems, and proactively report results to management; make recommendations and implement improvements as needed
Ensure all systems are operated, maintained, and information is disposed of in accordance with internal security policies and practices
Ensure configuration management is appropriate for all Information Systems (IS) software and hardware, including documentation and tracking of change control actions
Conduct user training to ensure systems security and increase user awareness, and
Ensure security logs and audit trails are reviewed in accordance with established schedules
The candidate will be responsible for ensuring that Certification and Accreditations (C&A) documents, Plan of Action and Milestones (POA&M) and artifacts are maintained and updated in accordance with DHS and CBP policy. The candidate will participate in the CBP change, configuration, and release management processes to ensure an appropriate security level is in the systems lifecycle. As a technical expert in the security field, the candidate will be relied upon to ensure that senior management is kept apprised of all pertinent security systems issues. They will also be responsible for the evaluation, implementation and operation of a security monitoring and auditing solution utilizing a COTS product and industry-wide best practices.
Minimum of 2 years within Security (candidate should have completed at least one security system cycle)
Overall years of IT experience 4-6+
Must have experience with Windows, Oracle, Unix, and Linux. Must demonstrate a complete understanding of Information Security Administration principles, concepts, practices, and standards as well as a complete understanding of network devices, TCP/IP and related Internet protocols.
Must possess skills including organizing, scheduling, conducting, and coordinating work assignments to meet project milestones or established completion dates. Must be customer focused and possess the ability to identify issues, analyze, and interpret data and develop solutions to a variety of moderately complex technical problems.
Must have experience accurately documenting, reporting, and presenting findings.
Must be a US Citizen.
Must have the ability to obtain (or currently possess) and maintain a DoD Secret security clearance.
Should Must possess experience preparing a complete Certification & Accreditation (C&A) package which led to approval of a system Authorization to Operate.
Should have experience with one or more; AppDetective, WebInspect, Nessus and Splunk.
Vendor Certifications and work experience in the following technical areas are a plus:
Web 2.0 technology
Microsoft .Net and C#
Oracle DB or SQL Server DB
Check Point Certified Security Expert (CCSE)
Red Hat Certified System Administrator (RHCSA)
Cisco Certified Network Associate Certification (CCNA)
Microsoft Certified Systems Engineer (MCSE) with focus on security
Completed at least one full security system cycle (see information under day to day tasks in the req). Additionally, please ensure this type of experience is easily displayed on the resume. This experience is critical for our program
Must have one of the following certs:
CISSP: Certified Information Systems Security Professional
CEH: Certified Ethical Hacker
CISM: Certified Information Security Manager
GIAC: Global Information Assurance Certification
Comp TIA Security +
***Send resume to email@example.com