Information System Security Officer / ISSO

Company Description

NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes.  To support our customers needs; we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management and Business Process Services and Solutions.

Job Description

Information System Security Officer / ISSO duties include:

• Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
• Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications

• Evaluation of the assigned information systems’ security control compliance with the federal requirements and the client’s monitoring strategy 

• Management of emerging and defined risks associated with the administration and use of assigned information systems 

• Coordination with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO) 

• Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package 

• Performing annual assessments to ensure compliance with the client’s policies and standards 

• Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented 

• Ensuring information system security requirement are addressed during all phases of information systems lifecycle 

• Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance of DOJ and component policies 

• Generate and interpret documentation needed to address the items detailed within the GRC tool

• Work within a team environment to provide technically sound guidance order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy 

• Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required 

• Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s information system monitoring strategy 

• Support the integration/testing, operations, and maintenance of systems security 

• Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions 

• Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures 

• Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities 

• Provides system operation support, administers hardware and software inventory 

Qualifications

Required Skills

• B.A. or B.S. in Computer Science or a related field
• System authorizations and configuration management
• Experience creating or modifying information security documentation
• Experience testing and documenting information security controls (NIST SP 800-53)

Additional Information

Active Public Trust clearance, adjudicated within past 5 years.

Must have worked on US Federal Government Projects.