Information Systems Security Officer (ISSO) jobs in United States

Peraton · 4 hours ago

Information Systems Security Officer (ISSO)

Peraton is a next-generation national security company that drives missions of consequence spanning the globe. They are seeking an Information Systems Security Officer (ISSO) to ensure the implementation and maintenance of security controls in accordance with RMF v5 and manage ATO packages, while also drafting essential security documentation.

Information Technology · Robotics
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Ensure the implementation and maintenance of security controls in accordance with RMF v5
Manage ATO packages
Draft security documentation including Operating Procedures, Cybersecurity Strategy (CSS), System Security Plans (SSP), and System Security and Privacy Plan (SSPP)
Work autonomously and manage workload effectively
Communicate effectively with technical and non-technical personnel
Conduct risk assessments and monitor security incidents
Respond appropriately to security threats

Qualification

NIST SP 800-53, Risk Management Framework (RMF) v5, eMASS, CompTIA Security+, CISSP, AWS, Azure, Cybersecurity Strategy (CSS), System Security Plans (SSP), Soft Skills

Required

Well-versed in best practices for cyber security program standards, processes, and procedures compliance, industry-standard security frameworks and demonstrated expert working knowledge of NIST Special Publication (SP) 800-53: Recommended Security Controls for Federal Information Systems, NIST SP 800-53A: Guide for Assessing the Security Controls in Federal Information Systems, AFPD 17-1 and AFI 17-130, Cybersecurity Program Management
Ability to write security policies and procedures, CSS, SSP, and SSPP, and to assess all ATO package artifacts
Expert knowledge of Risk Management Framework (RMF) v5 (Processes, workflow, etc.)
Ability to use eMASS to execute RMF v5, to include: documenting/updating system status; identifying, documenting, and managing implementation of operational and technical security controls; implementation and risk assessment tabs; non-compliant and non-validated controls; POA&M management (entry, evidence, close-out); producing reports and tracking Plan of Action and Milestone (POA&M) due dates, etc.
The ability to complete a checklist to ensure Security Authorization Process documents are complete and comply with all guidance
Ability to work collaboratively with IT counterparts, communicate effectively (skilled in communicating complex technical information to non-technical audience) and coordinate STIG remediation with system administrators and developers
Ability to conduct risk assessments, monitor security incidents, and respond appropriately to security threats
Working understanding of network technology (includes knowledge of network protocols, TCP/IP), operating systems as well as the necessary security protocols, system details (architecture, data flow, security cat, requirements, configuration management process/procedures, and user profile), firewalls, rules and configurations, intrusion detection tools and prevention systems, encryption techniques, and operating systems (Windows, Unix, and Linux), along with other applications such as databases and web servers
Ability to execute tasks with little to no oversight or support as well as manage multiple and, at times, competing priorities without loss of productivity
Certifications: Active CompTIA Security+ and/or CASP+
Security Clearance: Minimum active Secret clearance
Education: Bachelor's degree and 12+ years of experience; OR Master's Degree and 10+ years of experience; OR 7 years with PhD. A degree must be within one of the following fields: Information Technology, Computer Science, Cybersecurity, Information Systems, Data Science, or Software Engineering. Four (4) years of additional relevant experience or specialized training may be considered in lieu of a Bachelor's degree

Preferred

Master's degree in one of the following fields: Information Technology, Computer Science, Software Engineering, Data Science, Information Systems, or Cybersecurity
Certifications: CISM, CISSP, CISSP-ISSMP, FITSP-M, GCIA, GCIH, GICSP, GSLC
Experience transitioning from RMF v4 to v5
Basic understanding of identity and access management system capabilities and configuration
Experience with cloud computing platforms such as AWS and Azure
Experience with TASKORDS, OPORDS, etc
Experience leading Cybersecurity (ISSO & ISSE) teams

Benefits

Medical
Dental
Vision
Life
Health savings account
Short/long term disability
EAP
Parental leave
401(k)
Paid time off (PTO) for vacation
Company paid holidays

Company

Peraton Fearlessly solving the toughest national security challenges.

Funding

Current Stage
Late Stage

Leadership Team

Thomas Terjesen
Chief Information Officer
Company data provided by crunchbase