As a trusted advisor and leader in cybersecurity, Coalfire has more than 20 years in IT security services. We empower organizations to reduce risk and simplify compliance, while minimizing business disruptions. Our professionals are renowned for their technical expertise and unbiased assessments and advice. We recommend solutions to meet each client's specific challenges and build long-term strategies that can help them identify, prevent, respond, and recover from security breaches and data theft. We're on the cutting edge of one of the world's most important industries, and we protect our clients from ever-evolving security threats through our innovative advisory, auditing, and ethical hacking solutions. We're growing rapidly and are currently seeking an Information System Security Officer to support our team in Arlington, VA.
What you'll do
In this role, you'll provide Information System Security Officer (ISSO) support to our client in Crystal City, VA. As an ISSO, your responsibility will be to assist System Owners (SO) manage and monitor Agency systems throughout different stages of the System Development Lifecycle (SDLC). You must be able to overlay, perform, or support the activities defined in the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) to obtain and maintain agency compliance.
Additionally, you will be responsible for:
* Ensure risk analyses are completed to determine cost-effective and essential safeguards
* Maintain and update system security documentation as required in accordance with Agency defined frequencies.
* Perform Continuous Monitoring activities in accordance with the Agency and NIST Continuous Monitoring requirements. The support includes creation of new documents and update of existing documents per contract requirements.
* Support continuous monitoring testing and assisting in the management of the Plan of Actions and Milestones (POA&M)
* Coordinate with the system owner and project team to establish and document processes for audit log management/review, account management, separation of duties and configuration management and to complete all documents defined in the Documents section below.
* Collaborate with the system owner, project team and the Agency's Information Assurance Division to ensure that system security requirements are identified, documented, constructed and validated throughout the project lifecycle, and to coordinate the review of System Security documents by the authorizing official (AO).
* Ensuring security assessments and authorizations (SA&A) of Agency information systems are completed in accordance with the published procedures and providing appropriate level of support for SA&A activities
* Review Security Assessment Plans (SAP), Security Assessment Report (SAR) and assist internal and external audit teams throughout the assessment and authorization process.
* Perform 1/3 security assessment to facilitate the authorization or ATO.
* Serve as a key point-of-contact between the IA Division and the project team and/or system owner before, during and after audit and assessment activities.
What you'll bring
As an ISSO, you will have to be familiar with the Federal Information Security Modernization Act of 2014 (FISMA), Privacy Act of 1974, and the following:
* Bachelor's degree (four-year college or university), preferably in Information Systems, Computer Engineering, Computer Science, or Cybersecurity, or equivalent combination of education and experience
* Must possess a Secret Clearance
* Must possess at least one of the following certifications: CISSP, CISM, CAP, GSLC, or CASP
* National Institute of Standards and Technology Special Publication series (800-53, rev.4, 800-53a, 800-37, 800-61, etc.).
* Five or more (5+) years of relevant experience in functional responsibilities
* Experience performing system analysis, system audits, system monitoring, security control assessment/testing (or ST&E), risk management, and incident response.
* Knowledge and/or experience using CSAM
* Knowledge of DISA STIGS, CIS Benchmarks
* Experience using or interpreting Nessus scans
* Understanding of FedRAMP and cloud technologies e.g. AWS, MS Azure
* Experience with MS Project and Visio
Why you'll want to join us
Our people make Coalfire great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve. Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. We're connected by our desire to innovate and our goal of helping to make the world a more secure place.
Coalfire's high energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire - we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we're active in our communities. Plus, we offer great benefits, including:
* Health, dental, and vision insurance with an employer contribution
* Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
* A generous 401(k) plan
* A corporate wellness program
* Tuition reimbursement
* A kitchen stocked with snacks, coffee, and tasty beverages
Coalfire is an EEO employer.