Information System Security Officer / ISSO

NXTKey Corporation

Washington (District of Columbia)

On-site

USD 80,000 - 120,000

Full time

30+ days ago

Job summary

A leading company in cybersecurity is seeking an Information System Security Officer to enhance their systems' security compliance. You will manage risk assessments, perform vulnerability scans, and ensure adherence to federal requirements, supporting both government and commercial initiatives in Washington, DC. This position requires a strong background in cybersecurity practices, active security clearance, and experience with compliance and configuration management.

Qualifications

  • Experience with system authorizations and configuration management is crucial.
  • Active Public Trust clearance required.
  • Experience creating/modifying security documentation and testing security controls.

Responsibilities

  • Perform Certification & Accreditation (C&A) and manage security compliance.
  • Conduct vulnerability scans and evaluate security controls.
  • Coordinate with clients for clearance and compliance maintenance.

Skills

Cybersecurity best practices
Vulnerability assessment
Risk Management Framework (RMF)
Compliance with federal requirements
Configuration management

Education

B.A. or B.S. in Computer Science

Job description

Information System Security Officer / ISSO
  • Full-time

NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes. To support our customers' needs, we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management, and Business Process Services and Solutions.

Responsibilities include:

  • Perform Certification & Accreditation (C&A) and System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
  • Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm, and other scan applications.
  • Evaluate the assigned information systems’ security control compliance with federal requirements and the client’s monitoring strategy.
  • Manage emerging and defined risks associated with the administration and use of assigned information systems.
  • Coordinate with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO).
  • Ensure systems are operated, maintained, and disposed of in accordance with policies outlined in the security authorization package.
  • Perform annual assessments to ensure compliance with policies and standards.
  • Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for cybersecurity-relevant software, hardware, and firmware is maintained and documented.
  • Ensure information system security requirements are addressed during all phases of the system lifecycle.
  • Establish audit trails, review them, and retain logs in accordance with DOJ and component policies.
  • Generate and interpret documentation needed for GRC tools.
  • Work within a team to provide guidance adhering to cybersecurity best practices and monitoring strategies.
  • Analyze collected data to identify vulnerabilities, present findings, and advise system owners or leadership.
  • Communicate effectively in writing and orally to track efforts and shortcomings in meeting monitoring goals.
  • Support system security integration, testing, operations, and maintenance.
  • Develop and maintain SOPs for all assigned functions.
  • Align business processes and IT strategies with environmental conditions and establish performance measures.
  • Contribute to enterprise-level planning processes and systems.
  • Provide system operation support and manage hardware/software inventories.

Required Skills:

  • B.A. or B.S. in Computer Science or a related field.
  • Experience with system authorizations and configuration management.
  • Experience creating/modifying security documentation.
  • Experience testing and documenting security controls (NIST SP 800-53).

Active Public Trust clearance, adjudicated within the past 5 years. Must have worked on US Federal Government projects.
