Information Assurance Support/ISSO job in Washington, DC

Information Assurance Support/ISSO
Broadleaf, Inc | Washington, DC | a month ago
JOB DESCRIPTION:

  • Information System Security Analyst (ISSO) - ISSOs are expected to have a broad knowledge of information security and federal information security policy and requirements. They are responsible for providing Cybersecurity-Supply Chain Risk Management (SCRM) support on an as-needed basis. ISSOs are expected to have a broad knowledge of cybersecurity, SCRM, emerging technology, and federal information security policy and requirements.

  • Provision of professional expertise in supporting requirements associated with Cybersecurity, SCRM requirements associated with the Government's need to meet mandates, policies, and more.

  • Assisting with all Risk Management & Analysis Support Services (RMASS) initiatives/requirements and participating in related meetings, seminars, and conferences.

  • Provision of expert knowledge of the Department of Defense (DoD) as well as Federal Civilian Government, all cybersecurity, supply chain, acquisition, and emerging technology security policies and procedures

  • Provide subject matter expertise for Cybersecurity-SCRM related policies and procedures for GSA as well as client agencies

  • Provide input to the development and implementation of the systems security enterprise-wide Cybersecurity, SCRM strategy along with development and implementation of the Federal Acquisition Service (FAS)/Office of Information Technology Category (ITC) strategy.

  • Provide technical and administrative support that helps the improvement and extension of the Cybersecurity, SCRM security for all products and service offerings as they are identified and prioritized by the Government

  • Review information on new or emerging security service threats as evidenced by threat activities present in monitoring data, threat modeling (asset- and attack-based), classified and unclassified threat briefs, United States-Computer Emergency Readiness Team reports, and other information available through trusted sources, interagency sharing, and sources external to GSA.

  • Review new or modified legislation, directives, policies, etc., for any changes to Federal security requirements, ensuring compliance with cybersecurity and supply chain requirements with GSA/FAS/ITC policies/procedures.

  • Analyze potential security impact to organization and mission/business process functions resulting from changes to any emerging cybersecurity, SCRM guidance and mandates.

  • Provision of professional expertise in supporting requirements associated with Information Assurance (IA) and security requirements associated with the Government's need to meet FISMA mandates. (This support will include, but is not limited to, reviews of IA and FISMA related security documentation associated with deliverables, GSA security policies and procedures.)

  • Assisting with ISSO requirements and participating in related meetings, seminars, and conferences and taking relevant meeting notes/action items.

  • Provision of expert knowledge of the Department of Defense (DoD) as well as Federal Civilian Government A&A and Information Security Continuous Monitoring (ISCM) policies and procedures

  • Assisting Continuous Monitoring support of GSA FAS, ITC internal and external systems and applications. Provide A&A support for FAS, ITC internal and external systems and applications.

  • Perform Continuous Monitoring of systems.

  • Familiarity with information assurance and security related policies and procedures for GSA as well as client agencies

  • Provide input to the development and implementation of the systems security organization-wide ISCM strategy along with development and implementation of the system level ISCM strategy.

  • Provide input to the development of organizational metrics, policies, and procedures. Compile and correlate data into security-related use policies on ITC systems assessment and monitoring frequencies. Recommend provisions for ensuring sufficient systems security monitoring depth and coverage when sampling methodologies are utilized.

  • Provide ongoing input to the ITC systems security plans, security assessment reports, and POA&Ms based on the results of the ISCM process.

  • Provide technical and administrative support that helps the improvement and extension of the ITC systems security service offerings as they are identified and prioritized by the Government

  • Review ITC systems monitoring data to determine if organizational plans, policies, or interpretations of Federal policies should be adjusted or updated.

  • Support planning and implementation of ITC systems security controls, the deployment of automation tools, and how those tools interface with one another in support of the ISCM strategy.

  • Review the reported security status of the ITC information systems to determine whether the risk to the system and the Federal customer remains within acceptable risk tolerances of Federal guidelines.

  • Review and provide support with ITC systems security incidents following Incident Response guidelines and processes.

  • Take steps to respond to risk as needed (e.g., request new or revised metrics, additional or revised assessments, modifications to existing common or PM security controls, or additional controls) based on the results of ongoing ITC systems monitoring activities and assessment of risk.

  • Assess ongoing ITC systems security control effectiveness; taking steps to respond to risk as needed (e.g., request additional or revised assessments, modify existing security controls, implement additional security controls, accept risk, etc.) based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the POA&Ms.

  • Update relevant security documentation. Perform reviews on all testing reports of security controls (more depth, less breadth) submitted by ITC system owners, and review and test completed ITC systems contingency plans annually.

  • Review ITC systems monitoring results (security-related data) to determine provider security status in accordance with organizational policy and definitions, which includes but is not limited to collecting all data to maintain complete, accurate, and current A&A packages for all ITC systems.

  • Review ITC systems monitoring data to identify new information on vulnerabilities.

  • Validate ITC systems are patched and hardened by the GSA hardening guidelines, by reviewing/analyzing required Quarterly Vulnerability Reports.

  • Review ITC internal systems' monthly/quarterly POA&Ms for weaknesses and ensure that valid mitigation plans are in place to address those weaknesses.

  • Determine the security impact of changes to the ITC information systems and its environment of operation, including changes associated with commissioning or decommissioning the system.

  • Report the security status of the ITC information systems, including the data needed to inform Tiers 1 and 2 metrics.

  • Ensure that all ITC systems staff with significant security responsibilities are current with all annual and other security training through review of required deliverables

  • Possibility of attending security conferences/forums, technical research and analysis for presentations, white papers, position papers, and to brief the findings relative to Information Assurance and Information Security.

  • Provide A&A support for both GSA Internal and External Information Systems, which may include, but is not limited to, providing assistance in the writing of the System Security and Privacy Plan (SSPP) and other supporting documents to achieve an Authorization to Operate (ATO).

  • Provide information assurance subject matter expertise for additional security initiatives, as required, that are within scope of the task order.

  • Well versed in the use of Google and Microsoft applications. This includes, but is not limited to, Google apps, MS Word, Visio, Excel, PowerPoint, programming, flow charts, architectural diagrams, macros, slides, Photoshop, graphical diagrams, etc.




BASIC QUALIFICATIONS:


  • Significant experience performing security assessments

  • Performing assessments in support of acquisition activities

  • Knowledge of DoD, FISMA, NIST, and other assessment standards and frameworks

  • Preparing assessment documentation, leading accreditation through established process

  • Demonstrated experience incorporating threat intel into security assessments

  • Ability to prepare and brief senior agency officials, acquisition staff, and general public

  • Experience writing System Safety Program Plan (SSPP)

  • Experience getting systems accredited and authorized to operate on federal networks




CERTIFICATION(S):


  • IAT Level III (CISSP preferred)




EDUCATION REQUIREMENTS:


  • Bachelor’s Degree




CLEARANCE LEVEL:

  • T2 background investigation




WORK ENVIRONMENT AND PHYSICAL DEMANDS:


  • Normal office environment.


BENEFITS:

  • Health, Dental, Vision, 401K Matching, AD&D Insurance


EEO Employer F/M/Vet/Disabled