The client is currently seeking talented and motivated Cloud Information Systems Security Officers (ISSOs) to support development teams in the implementation and accreditation of secure cloud-based digital platforms. As an integral member of the Monitoring and Compliance Team, you will help lead IA efforts to secure and protect mission-critical agency systems and sensitive data.
GENERAL DUTIES OVERVIEW
- Conducting security assessments, security authorizations, and evaluations of applications and systems processing sensitive or classified information
- Developing and maintaining security documentation, including system security plans, risk assessments, Plan of Action and Milestones (POA&M), contingency plans, incident response plans, IT security policies and procedures, etc.
- Providing continuous monitoring to enforce client security policies/procedures
- Creating processes and reports/scorecards/dashboards that provide increased visibility to system owners and other stakeholders
- Monitoring configuration management changes and assessing the vulnerability impacts of modifications for each system
- Ensuring that system security requirements are addressed/implemented throughout the system lifecycle
- Ensuring implementation of controls and processes to maintain an overall strong system security posture
- Performing vulnerability and risk assessment analysis
- Developing, maintaining, and facilitating closure of POA&Ms
- 10 years of experience in software engineering, program design and implementation, configuration management, or maintenance, integration or testing, and information system engineering
- 5 years of experience in system security analysis and implementation; cybersecurity/IA engineering; and strong understanding of protocols and interface standards
- 1 year of experience with a major cloud provider
- AWS (or other similar CSPs) core services and security controls
- Developing Authorization to Operate (ATO) packages for cloud-based applications/systems
- Strong demonstrated experience prioritizing needs, requirements and other issues
- Certified Information Systems Security Professional (CISSP) -OR- Security+ and extensive demonstrated IA experience