ISSO/Security Analyst

The Information System Security Officer/Security Analyst will use Federal Certification and Accreditation (C&A) processes to research, verify and document information security controls in order for the "systems" to be accredited. 

Responsibilities

  • Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon NIST.
  • Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools, and emerging threat information.
  • Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).
  • Report on security status and security incidents.
  • Conduct Security Authorization document reviews.
  • Create and compile Authorization packages to include: Designation Letters, Security Plans, Contingency Plans, SOPs.
  • Conduct meetings with Government leadership and brief them on the State of Security for the systems in their purview.
  • Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system.
  • Assist in maintaining all configurations, architecture, installed software, accounts, data flows, ports, protocols, and other relevant data for each IT System and capture in design documents.
  • Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
  • Work closely with the vulnerability management team to resolve POAMs.

Qualifications:

  • U.S. citizenship required.
  • BA/BS or higher preferred, in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines.
  • Prior work experience in IT security, including Certification and Accreditation and/or IT security risk analysis/advice, preferably in support of the Federal government.
  • Knowledge of Federal government C&A practices and policies, particularly FISMA and NIST SP 800-53.
  • Experience with information assurance tools preferred.
  • Ability to work independently and to collaborate closely with application developers, engineers and others.
  • Must be self-motivated and results oriented.
  • Effective written and oral communication skills.
  • Previous experience in or working for the government a plus.
  • Working knowledge of Ongoing Authorization within the NIST Framework.