TISTA Science and Technology Information Systems Security Officer (ISSO) / Information Security Engineer (ISE) in Washington, District Of Columbia
Jumpstart your career as an Information Systems Security Officer with TISTA! YOu will be a be an integral part of a diverse team while working for an industry leading organization, where our associates come first.
TISTA is seeking an Information Systems Security Officer (ISSO) / Information Security Engineer (ISE) to join our growing team in Washington, DC.
The Information Systems Security Officer will provide Security Assessment and Authorization (SA&A) support to the client and their IT systems within the agency’s inventory. These systems are a combination of General Support Systems, Major Applications, Minor Applications and Subsystem at various impact levels. The ISSO/ISE will be responsible for developing and providing risk assessments, Security Control Assessments (SCA), SA&A documentations and multiple reports, based on NIST guidelines and client’s policies, procedures, and request. The ISSO/ISE will be responsible for providing security recommendations on any system changes or new technologies, analysis on vulnerability scans, conducting continuous monitoring activities, and offer mitigation recommendations to any risks or threats.
Developing a detailed project schedule, including SA&A/SCA task and milestones, task dependencies, and personnel resources
Conduct SA&A activities and tasks and obtain Authorization to Operate (ATO) in line with NIST and client guidance and directives
Determining the baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, assisting with FIPS-199
Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices
Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility
Ensure users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System
Review and generate SA&A and system documentation as needed
Selecting baseline controls for the IT System using RSA Archer and tailor security controls as appropriate
Implement security controls based on IT System FIPS categorization
Documenting security control implementation in the system’s Security Plan using the Library’s Information Assurance (IA) tool (RSA Archer)
Conduct SCA for IT systems, when required
Document system’s risk assessment per client directives and requirements
Develop and document all required artifacts for the SA&A package
Conduct Contingency Plan Test (CPT) for systems
Review and monitoring system security and audit logs
Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems
Update SA&A documentation and artifacts on a regular basis (e.g. annually, after approved change)
A minimum of five (5) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
Demonstrates a proficiency with developing, maintaining and managing SA&A packages
Experience with developing and managing POA&M’s
Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
Technical experience with reviewing vulnerability scans and providing mitigation techniques
Possess expertise in conducting SCA’s
Experienced writing security related policies and procedures
Possess experience conducting CPT’s
Experience with conducting audit log reviews
Experience with NIST Special Publications and guidance
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
Excellent communication (written and verbal) skills
Bachelor’s degree or higher in computer science, Information Technology, Information Security, or similar fields
A minimum of at least one (1) certification must be active relating to information security such as:
Certified Information Systems Security Professional (CISSP)
GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
CompTIA Security +;
Library Suitability and Public Trust
TISTA Science and Technology Corporation,a CMMI Maturity Level 3 company, focuses on delivering information technology and professional services to Federal and State agencies. TISTA is recognized in 2019 by Inc. 5000 as one of the fastest-growing private companies in the US. TISTA is also a recipient of 2019 Top Veteran-Owned Companies by the Washington Business Journal. TISTA also received a 2018 Moxie Award in the GovCon category.
Here at TISTA Science and Technology, we value Veterans and encourage all to apply!
#thinktista #tistacares #tistavaluesvets
TISTA is an Equal Opportunity/Affirmative Action Employer and embraces diversity in our employee population. It is the policy of TISTA to provide equal opportunity to all qualified applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or genetic information. TISTA will refrain from discharging, or otherwise discriminating against, employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants.
The EEO is the Law poster is available here, and the poster supplement is availablehere. (https://www.eeoc.gov/employers/upload/poster_screen_reader_optimized.pdf)
The Pay Transparency Policy is availablehere. (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Tista is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation due to a disability for any part of the employment process, please send an e-mail firstname.lastname@example.org call (301) 968-3420 and let us know the nature of your request and your contact information.