Apply on Employer Site

Steampunk, Inc. · 2 hours ago

Principal Information Systems Security Officer

Orlando, FL

Full-time

Hybrid

Senior Level, Lead/Staff

$120K/yr - $145K/yr

6+ years exp

Steampunk, Inc. is searching for a Principal Information Systems Security Officer to support a government customer in Orlando, FL. The role involves ensuring the security of systems, managing risks, and providing audit support while demonstrating strong communication and problem-solving skills.

ConsultingInformation Technology

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates

Create of Waivers or Risk Acceptance Memos to assist in the effective management of system risks

Conduct an annual assessment in accordance with guidance in the DHS Information Security Performance Plan

Review and update security authorization documents as needed, but at least annually

Conduct Contingency Plan tests at least annually and updating the plan

Perform system self-assessments as part of the customer's Ongoing Authorization program

Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management

Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)

Maintain knowledge of inventory in accreditation boundary

Use DHS’ and mandated enterprise IA Compliance Tools

Devise a plan to certify and accredit their assigned Information system or information systems

Respond to emerging requirements or policies as set by legislation, regulation or policy

Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems

Support the review and update security authorization documents as needed, but at least annually

Help coordinate with Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements

Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)

Proactively ensure security requirements are included in development cycle (Waterfall, Agile, SecDevOPs)

Use DHS’ and mandated enterprise IA Compliance Tools

Ensure CM processes are followed to ensure that any changes do not introduce new security risks

Support the management system Information Security Vulnerability Management (ISVM) Compliance

Experience leading a team of ISSOs

Qualification

FISMA-related experienceCybersecurity certificationsNIST SP 800 knowledgeInformation Security Vulnerability ManagementFinancial audit standardsApplication securityNetwork securityCloud environments experienceAgile experienceDevOps experienceTeam leadershipCommunication skillsProblem-solving skills

Required

Bachelor's Degree and 8 years of cybersecurity experience; which must be FISMA-related OR

No degree and 12 years of cybersecurity experience; 10 of which must be FISMA-related OR

Master's Degree in an IT field and 6 years of cybersecurity experience; which must be FISMA-related

Must possess one of the following certifications: Certified Information System Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Systems Security Certified Practitioner (SSCP), GIAC Information Security Professional (GISP), GIAC Security Leadership (GSLC)

Applies extensive knowledge of a variety of the IA field's concepts, practices, and procedures to ensure the secure integration and operation of all systems

Extensive specialized knowledge of financial audit standards, classified system IA requirements and Privacy Act requirements

Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework

Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines Knowledge and experience with the vulnerability scanning execution, assessment, and analysis

Knowledge and experience with the operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])

Knowledge and experience with application security, database security, and network security

Knowledge and experience with the vulnerability scanning, assessment, and analysis

Knowledge and experience with the information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies

Ability to assess and weigh current and evolving security threats in an operational environment

Preferred

Current experience providing ISSO support to DHS

Experience supporting systems hosted in Cloud environments

Experience supporting systems in Agile and DevOps environments

Company

Steampunk, Inc.

Glassdoor4.4

Steampunk is anchored by a startup culture with a customer-centered delivery approach, we put our Federal government clients in the center of everything we design, develop, and deliver to drive high-quality mission impacts and user experiences at speed.

Founded in 2019

Washington, District of Columbia, USA

201-500 employees

https://steampunk.com/

Funding

Current Stage

Growth Stage

Total Funding

unknown

Key Investors

AcceliCITY powered by Leading Cities

2024-07-31Non Equity Assistance

Leadership Team

Matt Warren

CEO

Mike Saliter

Executive Vice President - Homeland, Commerce, & Justice

Recent News

PR Newswire

Steampunk promotes Stefani Shepherd to Vice President -- Homeland, Commerce, and Justice Portfolio

2025-11-20

Washington Technology

CBP picks 3 for $900M IT, enterprise business support pact

2025-10-01

PRNewswire

Steampunk Awarded BOA on USDA STRATUS Program

2024-05-21

Company data provided by crunchbase