ISSO (Active TS or Q Required)

Washington, DC
NorthHill Technology Resources has an outstanding opportunity with DOE, located in DC, for an ISSO. It is a direct-hire position requiring an active TS or Q clearance.
Information Systems Security Officer
Primary Responsibilities:
  • Serve as an Information Systems Security Officer for the organization and lead security officer for systems as assigned by the CISO/ISSM.
  • Provide day-to-day system security operations to ensure that operational security is maintained for various Information Systems.
  • Perform security activities to include:
    • Development and assessment of security architectures.
    • Work with ISSM/CISO to determine security control alternatives.
    • Conduct security controls and testing.
    • Conduct security/supply chain/FOCI assessments of new software and tools.
    • Conduct data transfer operations.
    • Review network scans to determine abnormalities.
    • Prepare technical documentation including the Systems Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Plan of Actions and Milestones (POA&M).
  • Create and maintain Certification and Authorization (C&A) / Assessment and Authorization (A&A) documentation: Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedures, Contingency Plan, Incident Response Plan, and Configuration Management Plans.
  • Assist with assessing Information Assurance long-term needs and acquisition requirements to accomplish mission objectives.
  • Implement information security standards and procedures.
  • Provide configuration management support for reviewing, coordinating, implementing, and enforcing information systems security changes to the infrastructure.
  • Evaluate security solutions to ensure they meet security requirements for processing classified information.
  • Conduct research and testing to ensure existing and evolving products/services meet current Office of the Director of National Intelligence (ODNI), DoD, and local authority’s security requirements as appropriate.
  • Advise management and stakeholders on security-related matters.
  • Ensure the operational security posture of assigned systems, take responsibility for the daily security operation of those systems, and advise partners on specific IT and security policy procedures.
  • Ensure that management, operational, and technical controls for securing Office are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
  • Manage changes to systems and assess the security impact of those changes.
  • Prepare and review documentation to include System Security Plans, Risk Assessment Reports, Assessment and Authorization packages, and System Requirements Traceability Matrices.
  • Ensure a strong customer focus.
  • Respond to security incidents, and report incidents to the appropriate authorities.
  • Perform equipment decommissioning and sanitization.
  • Facilitate the movement of Personal Electronic Devices (PEDs) into and out of the SCIF as required. Ensure that all PEDs have been disabled prior to SCIF entry.
  • Review existing legacy and info-share repositories and update as needed.
  • Possess 10 years of professional experience in the areas of information assurance, accreditation and authorization (A&A) of systems (formerly referred to as certification and authorization – C&A).
  • Possess a bachelor’s degree in a relevant technical field.
  • Possess at least one security certification (e.g. CISSP, CISA, CISM).
  • Experience proactively providing system security support IAW ICD 503 / Risk Management Framework (RMF).
  • Knowledge of the DoD, IC, or national level system security initiatives and classified programs and infrastructures.
  • Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
  • Possess experience with NIST 800 publications standards.
  • Possess knowledge of how to use the NVD and NIAP portals to review software or hardware vulnerabilities.
  • Knowledge of ACAS Nessus/Tenable vulnerability and compliance scans.
  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
  • Knowledge of cloud architecture.
  • Knowledge of virtualization.
