View all jobs
Information System Security Officer
Hanover, MDReflexive Concepts is seeking a skilled Information System Security Officer to join our team!
The candidate will be responsible for security architecture and systems engineering supporting projects. The ISSO will provide guidance to the team to support system accreditation (IATT and ATO).
ISSO tasks include:
• Develop and maintain System Security Plans (SSPs).
• Work with ISSM and DAOs to ensure systems obtain and maintain accreditation.
• Apply continuous monitoring techniques to evaluate the systems security posture
• Create tasking for developers and system administrators as changes and patching are required.
• Ensure security policies, practices, and procedures are implemented.
• Track Plans of Actions and Milestones (POA&M)
• Review Audit Logs
• Perform Data transfers.
Required:
The candidate will be responsible for security architecture and systems engineering supporting projects. The ISSO will provide guidance to the team to support system accreditation (IATT and ATO).
ISSO tasks include:
• Develop and maintain System Security Plans (SSPs).
• Work with ISSM and DAOs to ensure systems obtain and maintain accreditation.
• Apply continuous monitoring techniques to evaluate the systems security posture
• Create tasking for developers and system administrators as changes and patching are required.
• Ensure security policies, practices, and procedures are implemented.
• Track Plans of Actions and Milestones (POA&M)
• Review Audit Logs
• Perform Data transfers.
Required:
- TS/SCI Clearance with polygraph
- Bachelor's degree in Computer Science or related discipline from an accredited college or university
- Ten (10) years experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree.
- Experience is to include at least two (2) of the following areas:
- Knowledge of current security tools
- Hardware/software security implementation
- Communication protocols
- Encryption techniques/tools.
- This position has been designated as requiring CWIP certification and requires one of the following baseline certifications to qualify
- CAP, CND, Cloud+, GSLC, Security+ CE, HCISPP
- Experience with:
- The ICD 503/NIST 800-53 certification and accreditation process
- The Risk Management Framework
- Developing and maintaining SSPs
- IAVA review and handling
- Interpreting Security Scan results
- Interfacing with System Administrators and Software Engineers
- Task tracking systems (e.g. Jira, Redmine, ServiceNow)
- Understands:
- Public Key Infrastructure-based authentication
- A variety of security policies, especially within the IC
- fundamentals of technical security risk assessment
- Understands how to perform analysis of alternatives
- Able to clearly communicate ideas and status updates to management and other stakeholders.