Sr. Information Systems Security Officer
MSI is seeking a Sr. Information Systems Security Officer to support our client located in Clarksburg, WV.
- Responsible for the IT security support required to plan, verify, validate, develop, implement, and enhance the security posture of customer information systems.
- Support the establishment, implementation, and maintenance of a life-cycle security model that develops, maintains, and dispositions customer information systems, services, and data, and safeguards their confidentiality, integrity, and availability.
- Coordinate with system owners to ensure systems are operated and maintained in accordance with security policies and practices and reports all information system security incidents through the appropriate customer channels.
- Work with applications and tool sets such as Risk Vision, ClearQuest, GITLAB, JIRA, SharePoint, Splunk, BigFix, Tenable Security, and Center.
- Assist customer stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities associated with customer information systems
- Review acquisitions for products as they relate to information security.
- Support the Security Assessment and Authorization (SAA) process of customer information systems to verify and validate conformance to Federal and customer policies, regulations, FISMA compliance and standards, and to meet specified security requirements.
- Support will parallel with Enterprise Information Security Section (EISS) certification testing methodologies and strategies.
- Provide presentations, briefings, and training as assigned.
- Support Tier level/data categorization and providing data categorization report
- Monitor trends in technology, performing system security analyses, and recommending strategies and solutions for improving system security.
- Review system specifications to ensure security requirements are met and reviewing for approval proposed system and engineering change requests and modifications to determine impact on system security.
- Review and maintain required system documents to ensure all security related policy requirements have been addressed, provide guidance on the establishment of detailed System Security Plans (SSP) to ensure system requirements are met, and review proposed changes to system requirements to evaluate the impact on system security.
- Evaluate security vulnerabilities with regard to confidentiality, integrity, and availability, and recommending appropriate solutions, viable strategies, and/or mitigations.
- Recommend and advise on standards and procedures that reflect good practice in IT infrastructure management and providing security policy support.
- Coordinate with the Information Systems Security Manager (ISSM) and Information Systems Security Representatives (ISSR) of customer IT systems to verify and validate that the systems conform to Federal and customer policies, regulations, and standards, and meet specified security requirements.
- Coordinate security-related issues with the Information Systems Security Engineer (ISSE).
- Report and coordinate all security-related incidents to the ISSM and providing IS vulnerability feedback.
- Must have an active Top-Secret Clearance or higher.
- Six plus years of related experience in Information Systems Security required.
- Active CISSP strongly preferred.
- Bachelor’s Degree strongly preferred.
- Experience in Information System compliance with government standards and industry best practices, including National Institute for Standards and Technology (NIST), Open Web Application Security Project (OWASP), Common Criteria, Defense Information Security Agency (DISA) and SANS Institute.
- Knowledge of and experience working in Agile development environments.
- Demonstrated level of experience in information security practices within the federal and/or state governments.
- Previous hands-on technical experience demonstrated in networking, system administration and development.
- Working knowledge of Continuous Integration/Continuous Delivery (CI/CD) Pipelines.