Senior Security Officer (ISSO)

  • location: Bethesda, MD
  • type: Temp to Perm
  • salary: $60 - $70 per hour
job description

job summary:
Randstad Technologies is seeking a Senior Security Officer (ISSO) to work in Bethesda, MD.

The ISSO will be responsible for executing and leading efforts to ensure system compliance with HHS security policies, procedures and guidelines; maintaining the availability and integrity of the environment; designing, integrating and promoting security features, products, and procedures to ensure system certification and accreditation; and assessing and mitigating system vulnerabilities.

Responsibilities

  • Develop and maintain Assessment and Authorization (A&A) documentation including System Security Plan (SSP), Continuous Monitoring Strategy, Risk Assessment Reports (RAR), and Plan of Action and Milestones (POA&M), to support certification of compliance to applicable standards.
  • Maintain and support current and ongoing Assessment and Authorization (A&A) packages.
  • Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance.
  • Implement and support cyber security standards to include NIST and Risk Management Framework (RMF) A&A Standards.
  • Work with systems owners, Government managers, and other stakeholders to manage Cybersecurity requirements.
  • Perform regular systems security scans, and maintain records of such scans, as required by A&A guidelines.
  • Respond to Information Assurance Vulnerability Alerts as necessary to address systems vulnerabilities.
  • Review systems security utilization logs per cyber security standards.
  • Review and evaluate information technology software, hardware and networks and the overall cyber security posture of information technology systems.
  • Provide recommendations for security improvements based on advances in industry or in response to threat intelligence.
  • Review and analyze vulnerability scans and collaborate with system administrators to mitigate and remediate.
  • Participate in the change management process, including conducting security impact analyses.
  • Review audit logs for suspicious activity.
  • Participate in meetings to report system status to senior management.

Qualifications

  • 5+ years of experience as Senior Security Officer supporting major Federal information systems/applications
  • Experience with NIST SP 800-37 Risk Management Framework security assessment and authorization (A&A) processes
  • Experience with NIST 800-53 security controls and required documentation
  • Experience with security controls (e.g. NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
  • Experience with Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
  • Experience with POA&M Management and Risk Management Framework (RMF)
  • Knowledge of cloud (AWS) cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication, and risk management
  • Experience working with security tools including Tenable, Splunk, etc.
  • Excellent organizational, analytical and problem-solving abilities
  • Superior writing, communication and critical analysis skills

Education:

  • Bachelor's degree or equivalent work experience
  • ISC2 Certified Authorization Professional (CAP) or ISC2 Certified Cloud Security Professional (CCSP) certification or CompTIA Certified Advanced Security Practitioner (CASP+)
  • Knowledge of Health Care related support activities, processes, and regulations is preferred

Must be able to obtain Public Trust

 
location: Bethesda, Maryland
job type: Contract
salary: $60 - 70 per hour
work hours: 9am to 5pm
education: Bachelors
 
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
