INFORMATION SYSTEMS SECURITY OFFICER (ISSO)

Marathon TS

Baltimore (MD)

On-site

Full time

4 days ago

Job summary

Marathon TS is seeking an Information Systems Security Officer (ISSO) to ensure the operational security posture for its information systems. The ISSO will lead security assessments, monitor compliance, and develop risk management strategies. Ideal candidates will have a strong background in cybersecurity, validating security controls and addressing vulnerabilities in a complex cybersecurity landscape. This mid-senior level contract position offers competitive pay and opportunities for professional growth.

Qualifications

  • The role requires knowledge of federal government cybersecurity principles.
  • Experience in risk management and security architecture assessments is critical.
  • Familiarity with security compliance frameworks and tools is necessary.

Responsibilities

  • Develop and manage security assessment processes for IT systems.
  • Perform risk assessments and security reviews to ensure compliance.
  • Manage security control implementations and monitoring activities.

Skills

Information Assurance
Network Security
Risk Assessment
Vulnerability Assessment
Security Policy Compliance

Education

Relevant IT Security Certifications (e.g., CISSP, CISM)

Tools

eMASS
Security Technical Implementation Guides (STIGs)
Cloud Security Tools

Job description

Information Systems Security Officer (ISSO)

This range is provided by Marathon TS. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$65.00 / hr - $80.00 / hr

The Cyber Security Information Systems Security Officer is responsible for maintaining the appropriate operational security posture for an information system or program. As part of those duties, the ISSO conducts independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system(s) across multiple program offices to determine the overall effectiveness of the security controls (as defined in the latest revision of NIST SP 800-37). This role analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results. This role is also responsible for maintaining the Continuous Monitoring requirements for all assigned systems.

Core Tasks:

  • Develop methods to monitor and measure risk, compliance, and assurance efforts for IT systems across multiple program offices and vendors
  • Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
  • Draft statements of preliminary or residual security risks for system operation. Develop relevant "plan of actions and milestones (POAMs)" for each IT system
  • Maintain information systems assurance and accreditation artifacts in accordance with Records Management Requirements
  • Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements
  • Assess the effectiveness of security controls
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change (or vulnerability patch updates)
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks
  • Verify that application software / network / system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
  • Conduct annual Contingency Plan Tests according to the categorization of the system

Core Competencies:

  • Information Assurance
  • Information Systems / Network Security
  • Information Technology Assessment
  • Legal, Government, and related federal security policies
  • Systems Testing and Evaluation
  • Vulnerability Assessment
  • Security Technical Implementation Guides (STIGs)
  • Security Requirements Guide (SRGs)

Core Knowledge, Skills, Abilities:

  • Knowledge of current industry methods and federal government standards for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
  • Knowledge of federal government cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data (data at rest and data in transit)
  • Knowledge of the Security Assessment and Authorization process (LATO, ATO)
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
  • Ability to oversee security policy standards and implementation strategies to ensure security procedures and guidelines comply with cybersecurity policies
  • Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure in federal government (both on-prem and cloud)
  • Knowledge of Risk Management Framework (RMF) requirements
  • Knowledge of the organization's evaluation and validation requirements
  • Knowledge of the development and maintenance of the System Security Plan (SSP) document
  • Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
  • Knowledge of penetration testing principles, tools, and techniques
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language / Structured Query Language [PL / SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
  • Ability to lead a team of cyber security support specialists and continuously validate a federal organization's IT systems against policies / guidelines / procedures / regulations / laws to ensure compliance
  • Ability to identify security requirements specific to an information technology (IT) system in all phases of the system life cycle
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and inspections
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals
  • Skill in maintaining relationships with third-party vendors who maintain FedRAMP authorizations.
  • Knowledge of Cloud Security principles and best practices
  • Knowledge of DHA Ports and Protocols (PPS) procedures
  • Skill in using eMASS

Seniority level

Mid-Senior level

Employment type

Contract

Job function

Information Technology and Analyst

IT Services and IT Consulting and Hospitals and Health Care
