ISSO in Washington, DC at APEX Systems

Date Posted: 2/14/2020

Job Snapshot

Job Description

Job #:  1049156

Job Title
Information Systems Security Officer
Contract / Proposal / Department
Work Location(s) – City, State, Zip
Washington DC 20005
Labor Category
Computer Security Systems Specialist - Level III
Labor Category Source
Job Description
To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems, and provide an accurate accounting and tracking for shortcomings and weaknesses. The weaknesses will be tracked, monitored and reported in Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA) and continuous monitoring activities will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision making
In addition to the personnel required to directly perform the subtasks listed in this section, the Contractor may provide Subtask support.  Each Subtask support will provide effective implementation of their assigned subtask.  Responsibilities include but are not limited to:

•  Serving as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring);

•  Ensuring OFR goals are communicated to the task area supporting personnel;

•  Providing guidance, support, and supervision to the subtask area supporting personnel;

•  Ensuring supporting personnel are properly prioritizing tasks and responsibilities;

•  Ensuring proper allocation of tasks among supporting personnel, as applicable;

•  Ensuring proper scheduling of tasks among supporting personnel, as applicable;

•  Providing the final quality verification/validation of deliverables prior to submission to the OFR; and ensuring compliance with OFR timelines and deadlines for deliverables and associated subtask completion dates.
Key Tasks and Responsibilities
  • Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps
  • Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
  • Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums
  • Identify, assess, and prioritize identified risks
  • Collect evidence, artifacts, and document findings to support conclusions
  • Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
  • Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
  • Coordinate third-party risk assessments and IT audits
  • Manage remediation efforts and report on the status of control deficiencies
  • Support security initiatives and global policy adherence and awareness efforts
  • Support global information security metrics and reporting program(s)
  • Provide security expertise to business units and key stakeholders
  • Enforce policy adherence and manage formal policy exception requests
  • Provide timely status updates/reporting on assessments and assigned projects

Education & Experience
  • A Bachelor degree in Computer Science or a related engineering field with training in information security
  • 10+ years’ experience in Information Security
  • 5+ years’ experience building and managing Windows server platforms
  • Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations
  • Expertise the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud-based systems (ie., FedRAMP)
  • Thorough knowledge of federal laws and directives pertaining to information security
  • Experience using security scanners (e.g. Nessus, Nexpose, etc) and remediating vulnerabilities
  • Experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum  Benchmarks: CIS, STIGS)
  • Experience reviewing system logs for potential intrusions and policy violations. 
  • Experience using Forescout, Bigfix, and RES a plus

  • CISM

Security Clearance
  • Must be able to obtain an Agency specific clearance.
  • Must be a US citizen or permanent resident

EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.