Sr ISSO
Washington, DC
TS/SCI (willing to sit for Poly)
$195K with Full Benefits
Resume to cbrient@altaits.com
- Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
- Provide liaison support between the system owner and other IS security personnel
- Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
- Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
- Conduct required IS vulnerability scans according to risk assessment parameters
- Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
- Manage the risks to ISs and other assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POAMs
- Coordinate system owner concurrence for correction or mitigation actions
- Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO)
- Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
- Ensure changes to IS, its environment, and/or operational needs that may affect the authorization status are reported to the System Owner and IS Security Manager (ISSM)
- Ensure the removal and retirement of IS being decommissioned is in coordination with the System Owner, ISSM, and ISSR
- Leads Risk Management Assessment and Authorization (A&A) processes for systems in the Cloud
- Performs Cloud system risk assessments while enhancing their current process workflows and developing new processes
- Works with government and industry customers to provide cyber security expertise for an AWS or Oracle Cloud Infrastructure (OCI) program
- Demonstrate working in an operational environment where priorities change frequently.
- Provide Information Assurance perspective and guidance during cloud planning/discussions and provide security support with reach back to OCIO as needed.
- Recommend best practices with regards to information security, information assurance, and cloud cyber security.
- Support making recommendations to leadership and developing a monitoring and event logging strategy in the cloud as the FBI/OCIO considers future cloud migration efforts.
Qualifications:
- CLEARANCE: Top Secret; candidates will be required to sit for a CI Poly
- CISSP or GISP or CASP
- One Security certification from AWS, Azure, or GCP: AWS Certified Security – Specialty or (ISC)2 Certified Cloud Security Professional (CCSP) or AWS Certified Solutions Architect – Associate or AZ-500: Microsoft Certified: Azure Security Engineer Associate or Google - Professional Cloud Security Engineer
- 7+ years serving as an ISSO at a cleared facility
- Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
- Bachelor’s and/or advanced degree