About the Lead Technical Information Systems Security Officer Job Opening
As Lead ISSO, you will provide oversight into all ISSO as a Service responsibilities. ISSO s perform all duties and responsibilities in accordance with DHS 4300A, DHS ISSO Guide, and NIST guidance. The ISSO as a Service task will support both Sensitive But Unclassified (SBU)/For Official Use Only (FOUO).
Lead Technical Information Systems Security Officer responsibilities include, but are not limited to:
Provide technical oversight for all USCIS systems, remediate, and provide recommendations with enterprise issues such as patch management and vulnerability management.
Conduct research and analysis on abnormalcies and provide recommendations.
Assist ISSOs with issues and concerns related to their assigned systems.
- Support all Security Authorization Process, Security Control Assessment and Ongoing Authorization activities as directed by the Federal Government for assigned systems.
- Ensure all FISMA security controls and requirements are met at inception and throughout system development
- Complete, maintain and/or support the completion and updates of all FISMA required documentation
- Develop and complete all activities and deliverables contained in the USCIS SELC and DHS Sensitive Systems Policy Directive 4300A and DHS AD 102.01.
- Conduct annual assessments and CP testing as required by DHS, USCIS and ISD
- Coordinate and manage all OA activities for the system, including:
- Trigger Accountability Log (TRAL)
- System Enrollment Form (SERF)
- Review of monthly RMB brief and system associated slides
- System Accounts Review Log
- System Audit Log Review Log
- Control Allocation Table (CAT)
- Ensure that risk analyses are completed to determine cost-effective and essential safeguards
- Provide input to appropriate IT security personnel for preparation of reports to higher authorities concerning information systems
- Ensure that weaknesses are identified, documented, addressed and remediated through the process of POA&Ms, Waivers
- Review, analyze and document scan results and ensure immediate remediation of critical and high vulnerabilities via Emergency CRs
- Provide code review and approval for any code developed for the system prior to deployment into production
- Ensure compliance with all legal requirements concerning the use of commercial proprietary software, such as respecting copyrights and obtaining site licenses
- Provide Security Incident Management and Security Architecture assistance, including but not limited to development and maintenance of technical and administrative processes, methods, procedures and solutions, as required
- Ensure changes do not detract from the current security configuration or state of the system/environment and ensure all changes should maintain or improve overall security
- Ensure maintenance of system components is implemented via the Change, Configuration, and Release Management (CCRM) processes and procedures
- Perform tasks to support DHS ICCB CR requirements for all Client's information systems, including review of DHS CR packages, ICCB CR forms, and CR test and backout plans as well as submit DHS ICCB security questionnaires and required security package for applicable CRs
- Support the development and documentation of contingency plans, disaster recovery (DR) plans, and Continuity of Operations (COOP) plans.
- Participate in COOP and failover testing for Client's systems and operations
- 15 years experience or a masters with 8+ years of specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor or Information Systems Security Manager is required
- 2+ years leading teams of 10+ ISSOs
- Certifications: CISSP and PMP
- U.S. citizenship required
- Must be able to attain or maintain a SECRET level clerance.
- Experience with at least one of the following: Splunk, Tenable Nessus, WebInspect and DBProtection vulnerability management tools
- DHS experience
- Previous experience with XACTA
- CISSP-ISSEP or ISSMP, Red Hat Certified Security Specialist (RHCSS), Oracle Solaris 10 Security Admin, Amazon Web Services Certification Program Associate, PMP
Job TypeRegular Full-TimeUS Citizen RequiredYes Job LocationUS-VA-ArlingtonActive Security Clearance RequirednoneStatusCurrentClearance StatusClearableAbout Us
Founded in 2004, eGlobalTech (eGT) is a leading management and IT consulting firm in the Washington, D.C. metropolitan area. Our focus is to provide the public sector with innovative solutions, leveraging cutting-edge tools and methodologies to meet the Government s most pressing business needs. To achieve this objective, our core practice areas strategy, IT solutions development, cyber security, and cloud computing are integrated to provide clients with comprehensive end-to-end results. This integration enables our highly motivated teams to thrive in a culture that encourages out-of-the-box thinking, collaboration and an environment where you can excel. For more information, please visit our website at www.eglobaltech.com
Equal Employment Opportunity:
eGlobalTech is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, sexual orientation, gender identity, or status as a qualified individual with a disability. EEO is the Law
Associated topics: cybersecurity, forensic, iam, idm, information security, phish, security analyst, security officer, threat, violation