Bart & Associates (B&A) is currently seeking an Information System Security Officer (ISSO) SME to join our team on a Federal project in Washington, DC!
The Cross-Functional Information System Security Officer (ISSO) SME / IT SME supports all Risk Management Framework (RMF) activities, including the process for managing security and privacy risk: information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. This person also supports the security activities associated with evaluating, implementing, and managing security practices and the continued operations of new and existing technologies across the Enterprise. This person will provide oversight into all IASS responsibilities as required and will support both Sensitive But Unclassified (SBU) and For Official Use Only (FOUO) systems. The Contractor shall perform all duties and responsibilities in accordance with DHS 4300A, the DHS ISSO Guide, and other applicable guidance.
The Cross-Functional ISSO SME / IT SME shall be responsible for the following:
- Risk Management Framework (RMF) Activities: Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations.
- Security Authorization Documentation: Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), and Contingency Plan Test (CPT), Interconnection Security Agreement (ISAs) and Memorandum of Agreement/Understanding (MOA/Us) and any other FISMA related security documentation.
- Security Control Assessment Response: Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the SCA team.
- Change Management: Review all change requests for potential impact to the system security posture.
- Continuous Monitoring: Conduct audit log and account management reviews and update the Control Allocation Table and Trigger Accountability Log.
- Configuration/Patch/Vulnerability Management: Review scan results for the system assets, identify the respective remediations for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of a fix.
- Incident Response: Work with the Security Operations Center (SOC) and system teams to investigate and analyze any incidents affecting the assigned system(s).
- Function as a technical expert across multiple project assignments
- Work on high priority ad-hoc requests such as data calls, Senior Management Initiatives (CIO, CISO, etc.), customer mandates, etc.
- Have a deep understanding of Security Regulations, such as the NIST Publications and OMB Security-related documents
- Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization
- Develop briefings and presentations for Government PM and Executive Management
- Ability to adapt to an agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government
- Support all Security Authorization Processes, Security Control Assessments, and Ongoing Authorization activities as required and as directed by the Federal Government
- Ensure systems are properly patched and hardened according to DHS requirements
- Assist with issues and concerns related to their assigned systems
- Perform other duties as assigned by the Government
- Conduct research and analysis on abnormalities and provide recommendations
- Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats, and risks in emerging IT projects, and develop technical in-depth engineering solutions to address and mitigate these risks
- Provide technical security solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements
- Provide, prepare, and conduct security training, as needed
- Serve as a subject matter expert on controls standards such as NIST 800-53, 800-37, 800-66, and 800-171 as well as other privacy regulations
- Perform comprehensive document reviews (DR) on all risk management and security operations documentation, in alignment with DHS, USCIS and FISMA requirements
- Conduct quality assurance checks to ensure that the finished documentation meets DHS, USCIS, and FISMA requirements
- Implement a two (2) day turnaround for the following artifacts: FIPS 199, E-Authentication Workbook, PTA, PIA, CP, CPT, and a five (5) day turnaround for the review of the Security Plan (SP).
- Establish a mailbox and report tracking mechanism so that federal staff can always know the status of all documents in the review process by running a simple report.
- Revise, edit, or update security authorization documentation and presentations
- Create, adapt, and follow project schedules and deadlines
- Develop a thorough understanding of the audience and the documentation required by meeting with colleagues, and working with managers to discuss technical problems
- Research and build knowledge about products, services, technology, or concepts
- Determine the clearest and most logical way to present information and instructions for greatest reader comprehension, and write and edit technical information accordingly
- Prepare or commission graphics and illustrations to elaborate on or complement technical writing
- Have and maintain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification which must be approved in advance by the Government PM (on a case-by-case basis)
- Minimum of five (5) years of experience managing IT projects and programs or specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor or Information Systems Security Manager
- Minimum of five (5) years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools
- Minimum of five (5) years of experience with leading projects, technical writing, administrative tasks, and conducting briefings
- Demonstrated proficiency in a vast array of Cyber Security platforms: Standard Application Online (SAO), Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/Intrusion Protection System (IPS), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Threat Intel, Endpoint Security
- Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
- Experience working with NIST SP 800-53, RMF, FISMA, DHS, and DoD policies
**Must be a US Citizen with a DoD Secret Clearance**
Bart & Associates (B&A) has been a systems integrator of information technology solutions for 30 years. Our mission is to use our depth and breadth of technical knowledge and expertise to ensure our clients have optimum IT solutions to meet their goals. We are a company whose accomplishments exemplify the skills, dedication, and commitment of our most valuable asset: our people. B&A provides strategic, enterprise, application, and technical infrastructure solutions, including customized and Commercial-Off-The-Shelf applications. Our service lines include: Human Capital Management, Operations & Enablement, Integration & Analytics, Modernization & Transformation, Agile Delivery, and Certified Hosting. We have a strong focus on innovation with an in-house Research and Development team and we offer full time employees a 100% premium paid medical plan option, which includes coverage for medical, prescription, dental, vision, life insurance, AD&D, disability, teledoc, and accident insurance. Headquartered in McLean, VA, B&A was named one of Virginia’s Best Places to Work in 2018.
B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A’s offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.
As a Federal Contractor, B&A is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information regarding your legal rights and protections, please click on the following links:
EEO is the Law
EEO is the Law - Amendment
Affirmative Action Plan
As a federal government contractor and based on Executive Orders and applicable laws and regulations, B&A develops and maintains annual written Affirmative Action Plans and endeavors to hire and advance qualified minorities, females, individuals with disabilities, and protected veterans.