Coalfire Federal · 3 weeks ago
Information System Security Officer (ISSO) - Hybrid
Coalfire Federal is a market-leading cybersecurity consultancy firm that provides tailored advice and services to Federal agency customers. The Information System Security Officer (ISSO) will support the Federal team by ensuring the security of assigned information systems and conducting assessments to maintain compliance with federal regulations.
Network Security
Responsibilities
Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization
The ISSO shall have oversight responsibility to ensure proper access controls have been implemented and managed
The ISSO shall ensure audit logs are reviewed at an agreed-upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation
Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective, with the risk posture documented in a system risk assessment report
Ensure documents provided to auditors are what was requested and approved for release. Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information
Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented
Follow agreed-upon procedures when providing documents
Collaborate with the Security Engineer in conducting security impact assessments on changes to their respective FISMA systems
Collaborate with the Security Operations Center in reviewing vulnerability and compliance scan results at an agreed-upon frequency. Any findings in the scan results are to be tracked as a corrective action plan and managed in CSAM as a POAM
Qualification
Required
Strong working knowledge and familiarity with NIST publications and privacy frameworks
Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools
Demonstrated experience supporting an industry risk management tool executing A&A activities
Ability to identify and assess risks and recommend appropriate remediation strategies
Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments
Ability to work independently and with teams
Professional and polished interpersonal and communication skills
Proficient with Microsoft Office to include Outlook, Word, PowerPoint, and Excel
Completed Bachelor's degree from an accredited university in an IT related field
One or more of the following certifications: Security+, Network+, CASP, CISA, CEH, or other industry recognized certification
At minimum 5+ years of hands-on work experience with ISSO duties: performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful security authorization of such systems
Preferred
Ability to obtain a clearance or a Public Trust is preferred; however, all clearance levels and non-cleared applicants will also be considered
CISSP or CISM certification
Benefits
Paid parental leave
Flexible time off
Certification and training reimbursement
Digital mental health and wellbeing support memberships
Comprehensive insurance options
Company
Coalfire Federal
Coalfire Federal is one of the first Cybersecurity Maturity Model Certification Third Party Assessment Organizations.