Senior Information Systems Security Officer (ISSO) with Security Clearance

---

Job description

• Work one-on-one with the Government Division Chief and Technical Director and Deputy Authorizing Official to advise on Secure the Enterprise (STE) strategies, policies, and performance
• Brief the Chief Information Security Officer and Chief Information Officer on STE data, trends, updates, and changes
• Serve as the highest level of STE technical support to security community
• Converse, analyze and advise on STE areas of concern to include Transport Layer Security (TLS) versions and cipher suites, Network Flow data (NetFlow and its variants), configuration of network devices, audit data logs (syslog and variants) collection and analysis, user activity monitoring, and other technical areas
• Assist system personnel across the enterprise to maintain the appropriate operational security posture in accordance with STE compliance regulations, policies and playbook guidance for their assigned systems, programs, and/or enclaves
• Provide guidance and technical expertise on all STE requirements that impact or affect the security compliance of the information system
• Assist in the development and execution of an enterprise level STE compliance program that facilitates RMF continuous monitoring to minimize security risks and ensure compliance with that program on a routine basis.
• Manually review submitted evidence and justifications for manual compliance validations, determinations of applicability and exceptions for all STE security controls
• Based on your review, make recommendations to leadership for approval or rejection of requests for exceptions from STE security requirements
• Based on your review and written guidance, approve, or reject requests for manual validation or determination of applicability Requirements: • 12 years of related work experience in the field of security authorization.
• A Bachelor's degree in Computer Science, Information Technology Engineering, or a related field may be substituted for 4 years' experience.
• DoD 8570.1 compliant IAM Level III certification, such as the GSLC, CISM, CISSP (or associate) certification. • A working knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37 and familiarity with the ICD503, CNSSI1253, SP800-53, etc.
• Knowledge of cloud architectures and cloud service providers
• Knowledge of Customer enterprise tools and solutions.
• Ability to effectively communicate with customers of various skill levels to resolve their compliance issues.
• Willingness to perform deep dive analysis on customer issues to resolve their compliance challenges
• Knowledge of commercial security tools and their uses.
• Experience with hardware/software security implementations.
• Knowledge of different communication protocols, encryption techniques/tools, and PKI and authorization services.
• Familiarity with security incident management, experience collaborating with Incident Response Teams, and able to provide viable recommendations for the resolution or computer security incidents and vulnerability compliance.
• Experience creating and presenting documentation and management reports.

<!– job description page –>