Information System Security Officer (ISSO) jobs in United States

ECS · 11 hours ago

Information System Security Officer (ISSO)

ECS is a leading mid-sized provider of technology services to the United States Federal Government, and they are seeking an experienced Information System Security Officer (ISSO). The role involves ensuring cybersecurity for AI/ML products within the DoD community, requiring comprehensive oversight, critical thinking, and collaboration skills.

Artificial Intelligence (AI), Cloud Infrastructure, Compliance, Consulting, Cyber Security, Information Technology, Machine Learning, Security, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Design and develop secure network architectures, customer information security (IS) requirements, operational concepts, and security authorization plans and procedures for assigned programs in compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, the NIST Risk Management Framework SP 800-37, Committee on National Security Systems (CNSS) Instructions, and Intelligence Community Directive (ICD) 503
Apply technical expertise and have full knowledge of related disciplines by implementing technical solutions across various platforms
Facilitate the Accreditation and Authorization (A&A) process (formerly C&A) to include package preparation for the Authorizing Official (AO) for Authority to Operate (ATO) consideration
Provide input to the Risk Management Framework (RMF) process activities and related documentation
Develop, update, and monitor all Plans of Action and Milestones (POA&Ms) and ensure closure once requirements have been met
Ensure that application of security patches for commercial products integrated into the system design meets the timelines dictated by the management authority for the intended operational environment
Prepare and maintain security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM); participate in system categorization; Active experience with the Xacta
Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate
Provide cybersecurity oversight, guidance, and training to all general and privileged users
Perform tasks related to the orchestration and compliance of Continuous Monitoring Plans (e.g., audit log review, security patching, software, and hardware configuration management)
Perform system auditing, vulnerability risk assessments, Assured File Transfers, data integrity containments and investigations on IA related security violations/incidents. Develop and implement risk mitigation strategies that minimize security risks and ensure IS security posture
Perform security testing, including penetration testing, vulnerability assessment, code review, and security audits, to identify and remediate IS security vulnerabilities
Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure all security features applied to a system are implemented and functional
Participate in Change Control Boards (CCB) to ensure configuration/change management of cybersecurity-relevant software, hardware, and firmware is maintained and documented
Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative
Analyze and interpret Assured Compliance Assessment Solution (ACAS), Security Technical Implementation Guide (STIG), Security Requirements Guide (SRG), and Security Content Automation Protocol (SCAP) scan results to identify vulnerabilities, assess risk, and drive timely remediation efforts
Work with cross-functional teams to align initiatives with ECS goals and objectives
Identify opportunities for continuous improvement and innovation
Other duties, as assigned

Qualification

DoD cybersecurity best practices, Xacta 360, Security risk assessments, Windows Domain architecture, IAT Level II certification, Cloud-based technologies, Security testing tools, Interpersonal skills, Problem-solving skills, Communication skills

Required

U.S. Citizen with an Active DoD Top Secret security clearance
Ability to work in a hybrid, on-site/remote capacity in Fairfax, VA (~3 days in office)
Bachelor's degree in Computer Science; Information Systems Management; or similar Science, Technology, Engineering and Mathematics (STEM) discipline
Minimum DoD 8140 IAT Level II certification (e.g., Security+, SSCP, CCNA-Security, etc.), active
7+ years of experience leading technical teams; providing leadership, guidance, and oversight of security concepts; performing security risk assessments and security architecture reviews; and being involved with architecture, software design, networking, virtualization, and cloud-based technologies / infrastructure
Demonstrated expert knowledge, understanding, and hands-on experience with: Xacta 360, in the ISSO or higher role; Intelligence Community Directive (ICD) 503; DoD Information Technology best practices; DoD cybersecurity best practices; DODD 8500.1, DODI 8500.2, and other information assurance (IA) guidance; Windows Domain and Linux systems architectures; security / validation testing tools, including vulnerability scanners (Nessus), DISA STIGs, and DISA checklists
Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution
Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management)

Preferred

Master's degree in a STEM discipline
Active Top Secret security clearance with Sensitive Compartmented Information (SCI) indoctrination with a CI Polygraph
Current DOD 8140 IAM Level III baseline certification (CISSP, CISA, etc.)
Hands-on experience with: Securing a public cloud environment (Azure preferred), Building software utilizing public cloud (Azure preferred), Utilizing Agile methodologies, Software Security Architecture, Threat Modeling, Penetration Testing, Certified Ethical Hacking (CEH), or Vulnerability Management
Continuous monitoring experience
Offensive or Defensive Security techniques
Artificial intelligence and machine learning systems

Company

ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.

Funding

Current Stage: Late Stage
Total Funding: unknown
2018-01-31: Acquired
2015-04-10: Private Equity

Leadership Team

Keith McCloskey
VP / Chief Technology Officer
Ryan Garner
Chief Financial Officer
Company data provided by crunchbase