Information System Security Officer (ISSO)

Location: Chantilly
Clearance Requirement: TS/SCI with FSP

The successful candidate will leverage their strong technical background/knowledge to support the Customer’s system accreditation efforts, to include creating Body of Evidence (BOE) documentation, responding to/implementing/documenting required controls, and completing required tasks/actions.

Duties, Tasks & Responsibilities

  • Creating, updating, maintaining, and interpreting required Body of Evidence (BOE) documentation
  • Working with management, internal teams, and Customer’s authorities to successfully navigate the Customer’s accreditation process for all systems
  • Documenting responses to required controls and updating as necessary
  • Performing Nessus scans and interpreting the results
  • Maintaining a robust library of documentation, to include network diagrams for cyber defense capabilities and sensors, and making documentation available to all personnel with appropriate need-to-know
  • Maintaining, updating, and conducting routine vulnerability scanning across all Customer networks
  • Maintaining system baselines and configuration management items, including security event monitoring policies
  • Working with all stakeholders to ensure complete and functioning systems that meet all requirements
  • Recommending, and when approved, implementing process and policy improvements

Required Experience, Skills, & Technologies

  • Significant, demonstrated experience navigating the Customer’s accreditation process and ICD 503 requirements, especially as it relates to creating Body of Evidence (BOE) documentation
  • Significant, demonstrated experience meeting security requirements in the Customer’s environment or similar environments (prior ISSO experience)
  • Experience performing Nessus scans and interpreting the results
  • Experience working across a large team to drive a security agenda
  • Experience working with complex, intertwined systems and data flows
  • Experience inventorying complex networks, and with all facets of network documentation (security compliance, configuration management, patching, centralized authentication, removable media, etc.)
  • Security-focused knowledge of a wide range of diverse technologies/disciplines (networking, UNIX/Linux, Windows, Storage, Virtualization, etc.)
  • Experience creating, maintaining, and communicating complex information technology documentation, particularly network and security documentation
  • Self-starter with excellent people skills – able to work across teams, organize meetings/boards, and drive change throughout an organization

Desired Experience, Skills & Technologies

  • CISSP strongly desired
  • Experience with the Xacta 360 cyber risk and compliance automation tool strongly desired