Information System Security Officer (ISSO)
Req #: 223323
Location: Ashburn, VA US
Job Category: Security
Minimum Security Clearance: Secret
CACI's Agile Solution Factory (ASF) is hiring an Information System Security Officer (ISSO) to support product teams based in Ashburn, VA! Join this passionate team of industry-leading individuals supporting the Best Practices in Agile Software Development for the Department of Defense.
ASF programs thrive in a culture of innovation and are constantly seeking individuals who can bring creative ideas to solve complex problems, both technical and procedural at the team and portfolio levels. The ability to be adaptable and to work constructively with a technically diverse and geographically separated team is crucial.
The qualified applicant will be well versed in all technical aspects of the position requirements. They will act as liaison for all IA relevant tasking between government customer security offices and project management to ensure coordination and resolve any IA related issues or concerns and be well-versed in multi-tasking across several IA tasks at the same time.
The qualified applicant will need to have a deep technical understanding of Cybersecurity practices, delivering secure and reliable hardware and software solutions in short sprints. They will work as an integral part of a highly productive team of seasoned technical professionals who thrive on supporting our customer's mission and growth objectives- responsible for designing, developing, leading, and implementing the implementation of secure facilities and communications between the contractor and government agencies.
They must have a working knowledge of enterprise class information assurance requirements and network security and survivability.
They will also be responsible for supporting development of a spectrum of engineering artifacts that adequately, but succinctly captures system security requirements, application and network security design, and network security architecture. This position is responsible for ensuring that all assigned work activities are performed in a timely, secure, compliant and cost-effective manner while maintaining the highest quality of performance.
The ISSO is responsible for the Information Assurance and Security system and network services. Responsible for activities associated with delivery of Cybersecurity policy implementation and network solutions associated with customer-defined systems and software projects; responsibilities include:
* Responsible for program compliance and implementation for secure networks under government sponsorship.
* Support implementation of certification test plans, vulnerability scans, and continuous monitoring task.
* Responsible for providing information assurance support for digital information, ensuring its confidentiality, integrity, and availability. Responsibilities include the maintenance of authorization to operate IT systems, monitoring and testing of IT systems for vulnerabilities and prevention of compromise, support to incident response and remediation, implementation of appropriate policy, relevant user security awareness and training, and compliance with applicable government policies and directives.
* Prepare system security plans in accordance with the requirements of the DAAPM under the NIST RMF process for Assessment and Authorization (A&A).
* Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis.
* Ensure system security measures comply with applicable government policies.
* Provide support to the Information System Owner for maintaining appropriate operation information assurance (IA) posture for programs.
* Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional
* Draft and/or prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, SCTM)
* Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems
* Assist the FSO with all aspects of the physical security measures of the secure facility
* Must be a U.S. Citizen, with an active Government security clearance
* College degree (B.S., M.S.) in Information Assurance, Computer Science, Information Management Systems or a related discipline
* Certifications: CISSP Certification is required within 6 months of appointment. Must have Security+ Certification if not CISSP Certified.
* Demonstrated knowledge of National/DoD/Army Directive security policies including, but not limited to:
DoD 5220-22-M, National Industrial Security Program Manual, incorporating Change 2, May 18, 2016.
Defense Security Service, National Industrial Security Program (NISP) Assessment and Authorization Program Manual (DAAPM), August 24, 2016.
DOD Instruction 8500.01, Cybersecurity, 14 March 2014
DOD Instruction 8510.01, Risk Management Framework (RMF) for DOD Information Technology (IT), 12 March 2014 Incorporating Change 2, July 28, 2017
NIST SP 800-53, Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations
* Demonstrated knowledge of DOD RMF accreditation implementation
* Demonstrated experience with Assured Compliance Assessment Solution (ACAS)/Tenable Nessus Vulnerability Scanner
* Demonstrated familiarity and experience with Firewalls, Intrusion Prevention Systems, WebGateways, and/or enterprise Antivirus software technologies
* Demonstrated experience using eMASS
* Experience with continuous integration tools and environments
* Ability to identify and manage risk
* Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement
* Excellent written and verbal communication skills
* Strong collaboration skills and desire to work within a team
* Understanding of all elements of the DOD Cybersecurity policies and requirement
* Highly responsible, team-oriented individual with very strong communication skills and work ethic; self-starter
* Professional Experience: 10+ years related technical experience
* Demonstrated knowledge and experience with ISO 27000 information security management principles
* Ability to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideas
* Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulness
* Experience with scripting languages such as Perl, VBScript, Ruby, etc.
* Experience with Computer Network Defense (CND) processes, procedures, and tools
* Acts independently to expose and resolve problems
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.
CACI International is a provider of information solutions and services in support of national security missions and government transformation for intelligence, defense, and federal civilian customers.