SBD is seeking a Senior Information System Security Officer (ISSO) to join our team in support of our federal customer headquartered in Washington, DC. This individual will join a team responsible for providing cyber security compliance support services to the agency’s IT system owners and key stakeholders throughout the systems development lifecycle (SDLC), to include classified and unclassified systems. This team will be responsible for incorporating security engineering and business best security practices into its management of all services, releases and projects in accordance with ISO/IEC 20000-2:2019, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the NIST Risk Management Framework (RMF), and the Department of Homeland Security (DHS) 4300 Series.
- Supply Chain Risk Management:
- Review and analyze the supply chain logistics of technology within Program Offices; perform technical analysis of supply chain risk, communicate it to senior leadership monthly, and actively participate in external agency meetings for both unclassified and classified networks and facilities; use automated tools to view and report on supply chain risks throughout the agency.
- Security Authorization Support:
- Support IT system owners on the security control implementation and authorization activities of systems in the implementation of the NIST Cybersecurity Framework, NIST RMF, and DHS cybersecurity requirements.
- FIPS 199:
- Provide ISSO support to ensure the confidentiality, integrity and availability of IT applications and systems’ security posture is at an acceptable cybersecurity risk level; provide input into the design and development of applications and systems, assess the security posture of the application/system by identifying applicable NIST SP 800-37 RMF requirements, advise system owners of the process, and assist in managing the risk.
- Risk Management Framework (RMF) Activities to achieve an Authority to Operate (ATO) decision to include but not limited to:
- System Categorization; Selection and Implementation of Security Controls; Conducting IT system self-assessments; Developing Plans of Action and Milestones (POA&M); Continuous Monitoring.
- Develop, update and maintain the System Security Plan (SSP), including:
- Security control baselines; Security control inheritance; Business Impact Analyses; SSP implementation statements; Technical Description narratives; System Description narratives; Hardware/Software Inventory
- Configuration Management (CM) Plans:
- Develop, update and maintain CM Plans and provide analysis of system or application configuration changes by: Conducting Security Impact Analyses; Developing and Approving Change Requests; Testing configuration changes; Developing security test reports on configuration changes
- Planning and Incident Response:
- Conduct Contingency Plan, Recovery Plan and Incident Response tests for IT systems.
- Develop remediation work plans to address Notices of Findings and Recommendations (NFRs) from financial audits.
- Continuous Monitoring:
- Perform continuous monitoring of the security posture of an application and/or system to ensure that the cybersecurity requirements continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for the assigned IT systems.
- Vulnerability Assessments:
- Conduct Vulnerability Assessments and prioritize and track remediation efforts at the application level and system level (e.g. static code analysis, database security reviews, operating system reviews, etc.)
- Security Assessments, Tests, and Audits:
- Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests; complete required security authorization activities on assigned IT systems; update security authorization documentation; perform annual security testing against IT systems; test the Contingency Plan (CP); test security control implementation.
- Assist federal staff in providing expertise and training to system owners and other key stakeholders within the agency; advise senior executives in the areas of security policies, processes to address audit findings, and/or security requirements.
- A minimum of 10 years of applicable experience as an ISSO, responsible for leading cybersecurity engineering efforts.
- Must meet Information Assurance Technician (IAT) Level III qualifications. Must have at least one of the following active certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Advanced Security Practitioner (CASP+), or other cyber security professional certifications and relevant information security technology expertise.
- Must be a US Citizen with an Active DoD Top Secret Clearance.
- Must be willing to travel to other client locations within the Continental US (CONUS) as needed.
Provide high quality services and solutions that positively impact our customers’ support for and execution of their mission.
Our People. Enabling the Government of Tomorrow. Every Program, Every Project, Every Day.
Deliver: we honor our commitments and never fail our customers!
Outperform: we strive to continually innovate and elevate our performance!
Ethical: we do what is right and fair and conduct ourselves with accountability, integrity, and honesty!
Respect: we have humility and are considerate and professional in all our dealings!
Solutions By Design II, LLC
Why Work Here? SBD specializes in IT system modernization and support as an application transformation and agile process leader. We leverage open source technologies and cloud-based solutions to reduce operating costs and advance the value proposition of automated solutions. We also have a robust cybersecurity capability optimizing security operation centers through the use of workflow automation, technical expertise, and the use of leading edge security tools. Bottom line, we deliver technically innovative, reliable, and cost-effective solutions, services, and products to our federal customers.
Growing company with great leadership, benefits, and team environment!