ICAM Information Systems Security Officer 2 (ISSO2)

We're searching for talented individuals who provide intelligence, engineering, and mission management expertise for the Government. This program will maximize the effectiveness and efficiency of our country’s most important missions both at home and abroad. If you are ready to support a high-performing team that truly makes a difference, then come join us!

Job Description:

The candidate will be responsible for security architecture and systems engineering supporting projects. The ISSO will provide guidance to the team to support system accreditation (IATT and ATO).

ISSO tasks include:
•Prepare system security plan (SSP) and provide recommendations to assist in obtaining ATOs.
•Identify, develop (either directly, or in coordination with applicable experts), review and incorporate common artifacts found in an RMF accreditation package such as: system architecture and boundaries, hardware and software lists, risk assessment reports, POA&Ms, data flows, and other necessary system, network, and application documentation.
•Work with ISSM and DAOs to ensure systems obtain and maintain accreditation.
•Verify package submissions have met the threshold for approval such as: C&A Package for System Reauthorization, SAR Findings, CTO’s, POA&Ms, and System Security Plans (SSPs).
•Apply continuous monitoring techniques to evaluate the systems security posture.
•Create tasking for developers and system administrators as changes and patching are required.
•Oversee the implementation of software patches to maintain the security posture of the organization.
•Responsible for implementing, and enforcing information systems security policies, standards, and methodologies.
•Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus) necessary to identify and document compliance.
•Review Audit Logs on a weekly basis.
•Perform Data transfers on a weekly basis driving from CACI Hanover Office to Ft. Meade.
•Maintain and report assessment and authorization statuses and issues in accordance with organizational guidance.
•Understand the PRIVAC process. Support personnel with new PRIVAC requests and extensions.

The Level 2 Information Systems Security Officer shall possess the following capabilities:

• Experience with:
  • The ICD 503/NIST 800-53 certification and accreditation process
  • The Risk Management Framework
  • Developing and maintaining SSPs
  • IAVA review and handling
  • Interpreting Security Scan results
  • Interfacing with System Administrators and Software Engineers
  • Task tracking systems (e.g. Jira, Redmine, ServiceNow)
• Understands:
  • Public Key Infrastructure-based authentication
  • A variety of security policies, especially within the IC
  • fundamentals of technical security risk assessment
  • Understands how to perform analysis of alternatives
• Able to clearly communicate ideas and status updates to management and other stakeholders.

Qualifications:

• Bachelor's degree in Computer Science or related discipline from an accredited college or university
• Ten (10) years experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree.
• Experience is to include at least two (2) of the following areas:
  • Knowledge of current security tools
  • Hardware/software security implementation
  • Communication protocols
  • Encryption techniques/tools.

Certifications Required:

• This position has been designated as requiring CWIP certification and requires one of the following baseline certifications to qualify
  • CAP, CND, Cloud+, GSLC, Security+ CE, HCISPP

Position requires active Security Clearance with appropriate Polygraph