Senior Information System Security Officer (ISSO)
US-VA-McLean
External
Req #: 6863
Type: Full-Time
|
|
|||||||||
|
||||||||||
Overview: The ISSO serves as a Cyber Security Specialist and will perform level III ISSO and/or ISSO support. Responsibilities: * Ensuring that security requirements for the assigned major application or general support system are being or shall be met. * Supporting security authorization activities (also referred to as C&A) of platform and major/minor applications. * Performing reoccurring tasks such as weekly backups and provisioning privileged accounts. * Identifying and leading security initiatives which improve platform security. * Ensuring compliance with all legal requirements concerning the use of commercial proprietary software, e.g., respecting copyrights and obtaining site licenses. * Supporting the development of a Contingency Plan and participating in the Contingency Plan test for the platform and all major/minor applications that reside on the platform. * Attending security awareness and related training programs and distributing security awareness information to the user community as appropriate. * Reporting IT security incidents (including computer viruses) in accordance with established procedures. * Providing input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems. * Assisting with NIST/RMF related security tasks. Qualifications: Job Requirements * Bachelor's Degree in related IT field Minimum Years of Relevant Experience * Eight years of IA experience; 3 of which must be FISMA-related  Required Skills * Extensive experience with Salesforce, including implementing security measures such as access controls. * Demonstrated ability to analyze access logs and account permissions and to recommended solutions. * Demonstrated ability to apply extensive knowledge of a variety of the IA field's concepts, practices, and procedures to ensure the secure integration and operation of all systems. * Knowledge of NIST SP 800 family of publications, particularly those associated with risk management policy and procedures. * Experience with evaluating systems, networks, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines. * Extensive knowledge and experience with the following criteria: * Web Application vulnerability scan analysis * Information security and assurance principles (e.g., Least Privileged, Defense-in-depth) and associated supporting technologies. * Application security and network security. * Demonstrated ability to assess and weigh current and evolving security threats in an operational environment. * Understanding security's role in the software development lifecycle (SDLC). * Experience performing Security Impact Analysis (SIA) * Educate teams on Salesforce security principles and best practices through training and documentation * Respond to events, participate in vulnerability remediation, and help develop preventative security solutions. * Knowledge of DHS Information Security Policy Directives and Handbooks. Required possession of one or more professional security certifications, including but not limited to: * Certified Information System Security Professional (CISSP) * Certified Information Systems Auditor (CISA) * Salesforce Certified Administrator Preferred Skills * Demonstrated ability to rely on extensive experience and judgment to plan and accomplish goals. * Able to work effectively independently to solve problems quickly and completely. * Experience reporting to, communicating with, and/or collaborating with Federal program stakeholders. * Experience in supporting, monitoring, and testing software IA problems. * Excellent oral and written communication skills.
Share this job:
