Information System Security Officer / ISSO
NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes. To support our customers' needs, we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management, and Business Process Services and Solutions.
Responsibilities include:
- Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
- Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm, and other scan applications.
- Evaluate the security control compliance of assigned information systems with federal requirements and the client’s monitoring strategy.
- Manage emerging and defined risks related to the administration and use of assigned information systems.
- Coordinate with the client’s Cybersecurity Unit to achieve and maintain system compliance and Authorization to Operate (ATO).
- Ensure systems are operated, maintained, and disposed of according to policies outlined in the security authorization package.
- Perform annual assessments to ensure compliance with policies and standards.
- Serve on the Configuration Control Board (CCB) to maintain and document configuration management for cybersecurity-relevant hardware, software, and firmware.
- Address security requirements throughout all phases of the information systems lifecycle.
- Establish and review audit trails, ensuring logs are retained in accordance with DOJ and component policies.
- Generate and interpret documentation within the GRC tool.
- Work within a team to provide guidance adhering to cybersecurity best practices and monitoring strategies.
- Analyze vulnerabilities, identify potential exploits, and communicate findings effectively to system owners and leadership.
- Communicate progress, efforts, and issues related to the client’s monitoring strategy orally and in writing.
- Support system security testing, operations, and maintenance.
- Develop and maintain Standard Operating Procedures for assigned functions.
- Align business processes and IT strategies with operational conditions and establish performance measures.
- Contribute to planning processes at the enterprise level, including strategic and operational activities.
- Provide system operation support and manage hardware/software inventories.
Required Skills:
- B.A. or B.S. in Computer Science or a related field.
- Experience with system authorizations and configuration management.
- Experience creating or modifying security documentation.
- Experience testing and documenting security controls (NIST SP 800-53).
- Active Public Trust clearance adjudicated within the past 5 years.
- Must have experience working on US Federal Government projects.