
Information Systems Security Officer

PCI Professional Services LLC
  • US
    Washington, Utah, United States

About

PCI Professional Services is looking for an Information System Security Officer (ISSO) to work as a member of a team supporting DISA. The ISSO will assist with the creation, update, and maintenance of System Security Plans and artifacts related to achieving and maintaining A&A of multiple enclaves. The successful candidate will provide continuing security engineering support for the DISA Global Video Services (GVS) legacy appliance-based infrastructure as well as the virtual cloud-hosted GVS infrastructure. They will also ensure all Cybersecurity requirements are compliant with all applicable DoD/DISA Cybersecurity requirements, directives, regulations, and US Laws; support and maintain the overall GVS accreditation/authorization status, including analyzing and evaluating hardware and software changes related to the resolution of IAVAs/IAVBs for IP video systems and products that are operational and that are being implemented and deployed; provide and maintain all the security documentation necessary to achieve and maintain ongoing security accreditation/authorization for Government approval; and analyze Information Assurance IAVAs/IAVBs related to the system operation and provide remediation guidance.

JOB RESPONSIBILITIES

  • Understand/document information system specifications including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
  • Work with senior engineers to advise application owners on multiple courses of action in an environment with changing unconfirmed cybersecurity policy, e.g., NIST RMF.
  • Document multiple courses of action and identify risk mitigation recommendations in accordance with cybersecurity policy and best practices, with associated benefits/drawbacks to each.
  • Understand and recommend implementation and strategies for using DoD security and accreditation systems with respect to data elements, e.g., eMASS.
  • Apply enterprise security frameworks and capabilities, such as FISMA, NIST SP800, etc. towards existing initiatives such as migrating systems to cloud environments.
  • Inform application owners on required testing, validation, and audit requirements, including annual Federal Information Security Act (FISMA), DISA CCRI, and other ARCYBER computer network defense security validation mechanisms.
  • Advise application owners on required system cybersecurity artifacts/processes, including Authority to Operate, System Acceptance Testing Authorities, and related approvals.
  • Identify and document required business user functionality and directly associated applicable CYBERSECURITY requirements. Ability to identify and recommend cybersecurity-compliant solutions that meet customer requirements.
  • Develop/update policies and procedures to implement DoD Cybersecurity requirements—must demonstrate oral and written communication skills.
  • Understand application operating environments, including security posture, application environment, provider inheritance, and current capacity and performance attributes.
  • Demonstrate familiarity with current cybersecurity controls and common services, including vulnerability management capabilities.
  • Identify and assess application cybersecurity state, including vulnerabilities, RMF package status/accreditation model, PPS compliance, and patching mechanisms.

POSITION REQUIREMENTS

  • 5+ years performing DIACAP and RMF compliance as an ISSO.
  • Demonstrated knowledge and the ability to analyze systems for Cybersecurity (IA) compliance.
  • Ability to work in a fast-paced, team-oriented environment.
  • Knowledge and experience of DoD policies and risk assessment methodologies.
  • Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.
  • Experience in reviewing/editing/writing technical documents.
  • Presentation and public speaking skills required. Must be comfortable presenting technical information to a group.
  • Knowledge and experience of NIST Risk Management Framework, STIGs, STIG ckl, and scanning tools such as ACAS.
  • Familiarity with Testing, Development, Staging, and pre-production environment cybersecurity support.

Clearance and Education

  • The selected candidate must have an active Secret Clearance to start employment.
  • US CITIZENSHIP is required.
  • DoD M IAT-II certification is required.
  • BS; Education may be substituted for experience on a case-by-case basis.

Language Skills

  • English

Note for Users

This job posting comes from a partner platform of TieTalent. Click "Apply Now" to submit your application directly on their website.