Information System Security Officer

**Information System Security Officer (ISSO) / Information Assurance (IA) AnalystFairfax, VA / Telework**

Tiber Creek Consulting, Inc. is seeking an experienced ISSO / IA Analyst to serve as an information security subject matter expert (SME) as part of a growing cybersecurity operations team in Fairfax VA / Telework. You will support federal agency ATO processes for DHS and DoD, responsible for assessing and ensuring operational, technical, and privacy information security compliance for federal and commercial clients. Federal ISSO Experience Required. DHS ISSO Experience Strongly Preferred. Candidates must be US citizens clearable for DHS EOD Suitability clearance and/or DoD Secret clearance, due to federal contract requirements.

You will support executing full Security Assessment and Authorization (SA&A) life cycle and risk management functions, measuring risk, implementing system and ATO related documentation, providing technical and security control related guidance, recommendations on remediation solutions, oversight and guidance related to NIST RMF and ATO processes to project team members, proposing intuitive ways to solve complex cybersecurity compliance challenges, navigating Plan of Action and Milestones (POA&M) process, maintaining communication with federal client stakeholders and federal client information security team members, establishing and performing NIST RMF and ATO related continuous monitoring strategies and solutions, managing NIST RMF and ATO related project plans, testing system technical security configuration settings and developing reports.

The successful candidate demonstrates subject matter expertise in security control, NIST RMF, and ATO related processes; leverages knowledge of Plan of Action and Milestones (POA&M) management and continuous monitoring objectives; provides guidance on system technical security configurations and solutions to meet ATO requirements; reviews various system scan results for compliance with industry standards, and assists with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies. We offer generous medical, dental, and disability insurance benefits, flexible spending, 401(k), ample vacation/leave time, training/skills building opportunities and a great work environment.

Apply To:Certifications:Security+ certification is required. CISA, CASP, or CISSP preferred.Experience:5+ years related work experience. Federal ISSO Experience Required. DHS ISSO Experience Strongly Preferred.Clearance:Candidates must be US citizens who are clearable for a DHS EOD Suitability clearance and/or DoD Secret clearance, due to federal contract requirements.Related Experience Should Include:

* Strong understanding of federal information security related processes, frameworks, standards, and regulations.

* Strong security system analysis skills and understanding of Cyber and IT security risks, threats and prevention measures.

* Experience in documenting ATO related artifacts to include but not limited to System Security Plans (SSP), Ports, Protocols, Services; Remediation Consolidation Plans (RCP), Plan of Action and Milestones (POA&M), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Continuous Monitoring Strategies/Plans, Information System Vulnerability Management (ISVM), OIG formatted security control implementation statements, Risk Acceptance Letters, Waivers, Interconnection Security Agreements (ISA), Memorandum of Understanding (MOU), Memorandum of Agreement (MOA), Security Assessment Reports (SAR), etc.

* Experience in proposing and providing guidance in compliant technologies, architectures, and solutions.

* Experience in working with software and system engineers in an ISSO role.

* Experience with cloud security approaches and cloud architectures. Preferred experience with Azure and AWS to include understanding FedRAMP and Security Control Inheritance, developing Shared/Customer Responsibility Matrices.

* Experience with Federal Governance, Risk Management, and Compliance or ATO related tools and content is preferred such as: eMASS, Xacta/IACS, CSAM, Continuum, SCAP/STIG, USGCB, Nessus/Tenable, etc.

* Experience supporting customers in either Federal Government and/or other industry specific Cybersecurity Compliance and Regulatory standards/frameworks.

* Experience with a variety of cybersecurity compliance standards, policies, regulations and frameworks such as: NIST RMF, FISMA, NIST SP800-53r4, FedRAMP, NIST SP800-171r1, Cybersecurity Maturity Model Certification (CMMC), NIST CSF, FIPS, NIST SP800-60, PCI-DSS, HIPAA, SOC 2, ISO27001, DHS 4300A, other Federal agency specific policies and tailoring criteria.

* Knowledgeable of Cybersecurity/IA solutions/architectures such as PKI, VPN, Enterprise Firewalls, IPS, IDS, SCAP, STIG, Nessus, ACAS, SIEM, HIDS, NIDS, MFA, EDR, FIM, CMDB, Vulnerability Scanners, AV solutions, data at rest encryption solutions, data in transit encryption solutions, penetration testing tools, etc.

* In-depth understanding of networking and network security; cloud security, network monitoring solutions/approaches.

* Experience in writing and designing information security policies, procedures, standards, guides, plans, etc.

* Must be able to multi-task and support a cross-matrixed team efficiently by working through many client projects and support internal team functions.

* Must have ability to solve complex information security related challenges and propose strategic/pragmatic approaches to the team and clients.

Job Duties:

* Support a federal NIST RMF/ATO project for a system developed by Tiber Creek and hosted in a cloud environment/architecture.

* Generate and design a variety of documentation and navigating associated processes such as System Security Plans (SSP), Plan of Actions and Milestones (POA&M), Interconnection Security Agreements (ISA), Information System Vulnerability Management (ISVM), Continuous Monitoring Strategies, Security Operation Center (SOC) strategies, Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Configuration Management Processes, etc.

* Support a variety of federal and commercial clients as a Information System Security Officer (ISSO), to include security and system architecture design and input.

* Support Incident Response (IR) actions and reporting.

* Write/develop security and risk reports and related documentation.

* Consult clients on various mitigation and remediation solutions/methods.

* Navigate and manage Federal ATO processes and POA&M remediation processes.

* Provide Subject Matter Expertise (SME) input to System Engineers, Project Managers, Software Engineers to implement compliant configurations and solutions, including methods to implement NIST RMF and ATO compliant strategies/solutions for a Cloud System (AWS/Azure) in development for federal clients being provided in a Software as a Service (SaaS) model.

* Perform enterprise-wide risk analysis and vulnerability assessments and management.

* Provide SME support for automating cybersecurity operations via technology solutions and strategies.

Physical Demands and Work Environment:

* Some local and long distance travel may be required.

* Usual office working conditions and standard office equipment. Required to sit for long periods of time using a personal computer. Some light physical effort required.

* Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.

* Full time remote/telework is an option and may be required during the current COVID-19 pandemic.

Minimum Qualifiers:

* Unable to work with 3rd party candidates or agencies.