Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support. BOC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost-effective professional services and solutions. We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce. We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave, 401k plan and more. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first. JOB SUMMARY Business Operational Concepts (BOC) is currently seeking an Information Systems Security Officer (ISSO) to work in the Office of the Chief Information Security Officer (CISO) of a large federal government client located in Washington, DC The selected individual will guide system owners, designated IT security personnel in the program offices, and other staff in fulfilling Federal Information Security Management Act (FISMA) requirements. The ISSO works to analyze, plan, and execute the work necessary to ensure the confidentiality, integrity and availability of the federal client s IT systems, network, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures and tools. DUTIES AND RESPONSIBILITIES Plan, develop, review and maintain baselines for client s information system to such as, System Security Plans, Software Hardware Boundaries Documents and Diagrams, Control Implementation Matrix, Inheritance and Overlay Memos, Security Assessment and Authorization artifacts and ATO packages. Lead and facilitate meetings with system owners, executive management, staff, and contract partners and technical personnel to provide IT security guidance, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines. Plan, develop, and conduct vulnerability and compliance scans, contingency plan testing, and risk assessment on client s information systems. Analyze results to identify and mitigate risk to IT systems, identify training opportunities, and update and improve information systems documentation in accordance with client s IT security policies and System Security Plan (SSP). Participate in internal and external reviews, inspections, Security Assessments and Authorizations and audits to ensure compliance with federal laws, client s security policy as well as FISMA and NIST requirements. Provide expert security advice to system development organizations to ensure adequate security controls are included in each system lifecycle phase. Lead remediation efforts when security controls are insufficient, weaknesses are identified in network security configurations, and vulnerabilities deviate from client s security policy or federal guidelines by recommending corrective actions to mitigate identified deficiencies and developing POAMs. Review and analyze information system audit records for unusual or potentially unauthorized activity. Conduct investigations into activities which are in violation of system and organization security policies. Incorporate organizational continuous monitoring solutions into information system operations. Ensure compliance with client s continuous monitoring policies and procedures. QUALIFICATIONS Required (Minimum) Qualifications Education, Certification, Experience, and Skills Basic-level understanding of basic computer and networking technologies TCPIP stack Windows operating systems LinuxUnix-based operating systems Networking technologies (routing, switching, VLANs, subnets, firewalls) Common networking protocols SSH, SMB, SMTP, FTPSFTP, HTTPHTTPS, DNS, etc Common enterprise technologies Active Directory, Group Policy, VMware vSphere Moderate-level understanding of IT security principles, technologies, best practices, and NIST guidance Logical Access Control PKI and other encryption method DISA STIG Security configuration baselines Auditing Vulnerability discovery and management NIST SP 800-53 rev. 4 control Must be Certified Information Systems Security Professional (CISSP) Certified Excellent communications skills. Ability to communicate with senior management and federal client staff both technical and non-technical in a clear and concise manner using proper spelling, punctuation and grammar. Mastery of federal IT security laws such as the Federal Information Security Management Act (FISMA), policies, regulations, requirements, Executive Orders and Presidential Decision Directives such as EO 13556, HSPD12, OMB Memos M-06-16, and M-07-16 NIST 800 series, the federal IT security and incident reporting hierarchy. Knowledge and experience in categorizing systems per current NIST guidelines, defining system boundaries and identifying minimum and supplementary security controls to protect sensitive and critical IT systems. Knowledge and experience with the Risk Management Framework (RMF), Assessment and Authorization (AA), SSP Development, and conducting audits of security controls. Knowledge and experience protecting the confidentiality, integrity and available of sensitive and critical information systems Knowledge and experience performing network security vulnerability assessments. Knowledge and experience with all areas of the System Development Lifecycle (SDLC) of IT systems. Preferred Qualifications Education, Certification, Experience, Skills, Knowledge, and Abilities Technical background Experience working as any of the following Software application developer System administrator Network engineer IT Helpdesk Tier II or above Bachelor s Degree or higher in information technology or information security-related field Interest in securityhacking culture. Ability to think like an attacker Certifications of interest Security+ CISSP Certified Authorization Professional (CAP) Microsoft Certified Solutions Associate (MCSA) Red Hat Certified System Administrator (RHCSA) CLEARANCE REQUIREMENTS Public Trust or the ability to obtain and maintain a Public Trust clearance. (Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.) Business Operational Concepts, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.