Information Systems Security Officer

Washington, DC 20004
Business Group Highlights

Civilian, State and Local

Perspecta's Civilian, State and Local segment partners with the U.S. Federal Civilian, State and Local governments to provide infrastructure services, business solutions, and digital transformation services that help them achieve policy objectives and integrate citizen-centric services.


Responsibilities


Our task order provides on-site technical and administrative Security Assessment and Authorization (A&A) and Continuous Monitoring (CM) support for the client enterprise-wide.

Perspecta is seeking a talented and motivated Information Systems Security Officer (ISSO) who will ensure that the appropriate operational security posture is maintained for assigned Information Systems (IS) under his/her purview and will work in close collaboration with the Information Systems Security Manager (ISSM), the Information System Owner (ISO), and other IS Stakeholders. The candidate will ensure that cyber security requirements are effectively integrated into the IS operations, management, and documentation. As ISSO, the candidate will provide critical systems, application and infrastructure support to our Customer. The candidate will have the opportunity to work with a Team of ISSOs across multiple technical areas, on various system classification types and categorizations, as well as the opportunity to collaborate with a diverse group of security professionals. The candidate will work in close coordination with all system stakeholders.


Job Responsibilities:
Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system).
Develop or modify implementation and design documents describing how security features are implemented.
Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions.
Track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance.
Be responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness, and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures.
Ensure all users have the requisite security clearance, authorization, and need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter.
Create security policies and maintain existing information system security documentation.
Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package.
Work with the Information Assurance (IA) team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities.
Participate in the change management process, including reviewing Requests for Change (RFC) and assisting in the assessment of a potential change's security impact.
Conduct daily, weekly and monthly audit review and management of the audit collection system.
Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program.
Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, assessing applicability to existing systems, and ensuring closure.
Provide direction and guidance to less experienced IA personnel.
Remain sensitive to security infractions and assist in security investigations and responses as requested.
Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage.

Cloud knowledge/experience is an important factor.


Cloud responsibilities include:
Providing security requirements analysis of cloud architectures and designs.
Identifying technical gaps and providing solution recommendations for cloud services acquisition, development, migration, implementation, and monitoring.
Explaining cloud security controls/requirements and guidance to the System Owners and System Teams and recommending implementation strategies.
Identifying cloud vulnerabilities and recommending mitigation alternatives for POA&M items.
Reviewing cloud security test results to identify weaknesses, technical flaws, and vulnerabilities.
Reviewing cloud SLAs for compliance with requirements.


Qualifications

BS 8-10, MS 6-8, PhD 3-5

Preferred candidate will have a minimum of ten (10) years of work experience in computer science or cyber security-related field.
Strong background and extensive experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices, particularly within the Department of Justice. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
Familiarity with the use and operation of tools such as Tenable's Nessus and/or Security Center, IBM Guardium, HP WebInspect, AppDetect, Network Mapper (NMAP), or like applications
Knowledge and experience with security efforts related to Windows, Linux, Solaris, VMware, Cisco, Juniper, SQL, and Oracle.
Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end-point protection
Analytical skills, with the capacity to quantify and/or qualify risks as they relate to the enterprise systems
Good communications skills, both in writing and orally


Additional/desirable knowledge/experience:
Cloud technologies such as AWS, Microsoft Azure and Google Cloud; knowledge of current authorization practices, particularly within the Department of Justice


Education and Certifications:
International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP/CISM), the Global Information Assurance Certification (GIAC) Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP) or other certifications exemplifying DoD 8570.1 IAM level III proficiency

Clearance requirements: Active Top Secret


About Perspecta

What matters to our nation, is what matters to us. At Perspecta, everything we do, from conducting innovative research to cultivating strong relationships, supports one imperative: ensuring that your work succeeds. Our company was formed to bring a broad array of capabilities to all parts of the public sector, from investigative services and IT strategy to systems work and next-generation engineering.

Our promise is simple: never stop solving our nation's most complex challenges. And with a workforce of approximately 14,000, more than 48 percent of which is cleared, we have been trusted to do just that, as a partner of choice across the entire sector.

Perspecta is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories.

As a government contractor, Perspecta abides by the following provision:

Pay Transparency Nondiscrimination Provision

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c).

Industry

  • Information Technology
Posted: 2020-09-28 Expires: 2020-10-27

With offerings in mission services, digital transformation and enterprise operations, our team of 14,000 engineers, analysts, investigators and architects work tirelessly to create innovative solutions. We have the expertise and experience not only to devise solutions, but to execute on them successfully.
