Information Systems Security Officer - TO15

Employer
Perspecta
Location
Washington, DC
Posted
May 13, 2019
Closes
May 24, 2019
Ref
107614805
Hours
Full Time
Every day at Perspecta , we enable hundreds of thousands of people to take on our nation's most important work. We're a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation's most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselves-to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers. Perspecta works with US government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many ways-not only through competitive salaries and benefits packages, but the opportunity to create a meaningful impact in jobs and on projects that matter. Perspecta's talented and robust workforce-14,000 strong-stands ready to welcome you to the team. Let's make an impact together. Perspecta has an immediate need for an Information Systems Security Officer in Washington, DC - Top Secret Clearance Perspecta is seeking a talented and motivated InformationSystems Security Officer (ISSO) who will ensure that the appropriateoperational security posture is maintained for assigned Information Systems(IS) under his/her purview, will work in close collaboration with theInformation Systems Security Manager (ISSM), the Information System Owner(ISO), and other IS Stakeholders. The candidate will ensure that cyber securityrequirements are effectively integrated into the IS' operations, management,and documentation. As ISSO, the candidate will provide critical systems,application and infrastructure support to our Customer. The candidate will havethe opportunity to work with a Team of ISSOs across multiple technical areas,on various system classification types and categorizations, as well as have theopportunity to collaborate with a diverse group of security professionals. -Work in close coordination with all system stakeholders Create and maintain existing information systemsecurity documentation, including System Security Plan (SSP), Security ControlsMatrix and/or Assessment, and Security Configuration Guide (controlled changesto the system) Develop or modify implementation and designdocuments describing how security features are implemented Prepare system documentation for assessment inaccordance with the Risk Management Framework (RMF) and NIST SpecialPublications (800-37, 800-53 and others); identify deficiencies and providerecommendations for solutions Track findings with Plan of Action andMilestones (POA&M) through mitigation and/or risk acceptance Responsible for elements of physical andenvironmental protection, personnel security, incident handling, and securitytraining and awareness and ensure systems are operated, maintained, and disposedof in accordance with security policies and procedures Ensure all users have the requisite securityclearance, authorization, need-to-know, and are aware of their securityresponsibilities before being granted access to the system, and periodicallythereafter Create security policies and maintain existinginformation system security documentation Conduct periodic and continuous reviews of thesystem to ensure compliance with the authorization package Work with the Information Assurance (IA) team toperform basic system administration and maintain various IA tools, includingaudit collection and reporting systems, vulnerability management programs, andother continuous monitoring capabilities Participate in the change management process,including reviewing Requests for Change (RFC) and assist in the assessment of apotential change's security impact Conduct daily, weekly and monthly audit reviewand management of the audit collection system Continuously review and evaluate vendor,security, and business best practices for implementing a comprehensive auditprogram Implement vulnerability management programs,including tracking and addressing IAVAs and security patches, accessingapplicability to existing systems, and ensuring closure Provide direction and guidance to lessexperienced IA personnel Remain sensitive to security infractions andassist in security investigations and responses as requested Monitor system recovery processes to ensuresecurity features and functions are properly restored and functioning correctlyfollowing an outage. Qualifications: A minimum of eight (8) years of work experiencein computer science or cyber security-related field. Strong background and extensive experience withRisk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3;knowledge of current authorization practices, particularly within theDepartment of Justice. Extensive background with DITSCAP/DIACAP may besubstituted in some cases. Certified in at least one of the following duringthe life of the contract: International Information Systems SecurityCertification Consortium (ISC2) Certified Information systems SecurityProfessional (CISSP), the Global Information Assurance Certification (GIAC)Information Security Professional (GISP), or the Computing Technology IndustryAssociation (CompTIA) Advanced Security Practitioner (CASP) or othercertifications exemplifying DoD 8570.1 IAM level III proficiency Bachelor's or advanced degree in ComputerScience, Cyber Security, Mathematics, or Engineering is highly desirable. Familiarity with the use and operation of suchtools such as Tenable's Nessus and/or Security Center, IBM Guardium, HPWebInspect, AppDetect, Network Mapper (NMAP), or like applications Knowledge and experience with security effortsrelated to Windows, Linux, Solaris, VMWare, Cisco, Juniper, SQL, and Oracle. Experience implementing and using various IAtools including vulnerability assessment, patch management, audit collection,audit review, audit management, and end-point protection Analytical skills, with the capacity to quantifyand/or qualify risks as they relate to the enterprise systems Good communications skills, both in writing andorally. US Citizenship active Top Secret clearance, and SCI capable

Similar jobs