Information System Security Officer - CLEARED

Washington, DC (http://maps.google.com/maps?q=Washington+DC)

Description

RDTS is seeking an experiencedInformation System Security Officer (ISSO)to provide Systems Assessment and Authorization support to the US Department of the Treasury’s Departmental Offices (DO), Office of the Chief Information Officer (OCIO).

This position requires both the technical ability to provide independent assessments and plans for current enterprise applications and systems; and the interpersonal skills to oversee effective inter/intra-departmental collaborations to ensure effective operations. Personnel selected for this role will work with RDTS leadership to oversee the program and Government personnel to develop plan based on scheduled system and application analysis to meet mission needs of the Department of Treasury DO.

Duties and Responsibilities:

• The overall duties and responsibility for this position are to perform a security assessment (either full or partial) on each system (up to nine systems) assigned in the Enterprise Applications Cybersecurity portfolio.

• The list of systems requiring security assessments will be provided by the Program Manager and Government Lead based on the current team workload.

• The ISSO will work independently to perform IT audits on complex information systems, applications, and enclaves to ensure that appropriate controls exist, are correctly implemented, and that procedures are in compliance with NIST, Federal, DOD standards.

• The candidate will conduct cybersecurity control validation exercises on classified and unclassified networks, applications, and systems to validate the effectiveness of current security measures.

• He/She will conduct accurate evaluation of the level of security required.

• He/She will perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

• The individual will provide technical support in the areas of vulnerability assessment, risk assessment, network security, and security implementation.

• The candidate will provide technical evaluations of customer systems and assists with making security improvements.

• The candidate will also develop a Security Assessment Plan (SAP) (Per NIST SP 800-53A, TD P 85-01, and TSSEC Policy – or DO P 910 if applicable) that describes the scope of the system assessment.

The SAP shall include:

• Security controls and control enhancements under assessment.

• Assessment procedures to be used to determine security control effectiveness.

• Assessment environment, assessment team, and assessment roles and responsibilities.

The results of the security assessment shall be documented in the Security Assessment Report (SAR), Security Requirements Compliance Matrix (SRCM), and the Plan of Actions and Milestones (POA&M).

Requirements

• Bachelor’s Degree in Computer Science, IA or other cyber discipline.

• Five (5) to Ten (10) years relevant experience.

• Must possess fundamental understanding of Splunk applications.

• Experience with Tenable., Qualys, DB Protect, Websense or a similar security scanner.

• Must have strong understanding of DISA STIG and CIS Benchmark configurations.

• Must be able to weigh business needs against security concerns and be able to analyze applied mitigations to evaluate whether they meet security requirements.

• Must be a US citizen.

• Must be able to obtain and maintain a security clearance.

Specialized Requirements:

• Experience with scripting.

• Experience with host based and application layer scan technologies.

• Knowledge of Azure, AWS, Oracle OCI or similar cloud-based systems.

• Strong knowledge of security fundamentals and common vulnerabilities clearance.

• Experience with the full stack of information technologies and associated security models, including server/OS, database, hardware, network devices, user compute application/SDLC, etc.

• Experience working with cyber security and vulnerability management.

• Ability to work in a fast-paced work environment and open to quickly adjusting to meet Customer needs.

PM21

All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.