NorthHill Technology Resources has a need for a Mid-Level ISSO to support a Federal Program in Washington DC. This is a hybrid role, with 2 days onsite and 3 days remote per week. Due to the nature of the work, US Citizenship and the ability to obtain a Public Trust clearance are required.
Mid-Level Federal ISSO / Assessor Support
Job Overview
In this role, the Mid-Level ISSO Support is responsible for providing security compliance support to a federal agency policy and compliance program. This position is responsible for monitoring and maintaining the security posture of Federal computer systems at the client agency. This role may also act as a back-up to the control assessors on the program and assist with assessing the security controls for the agency’s information system. The candidate will perform the following tasks:
• Working with the system owner and program office to ensure their systems adhere to Federal Information Assurance policies and procedures in order to acquire and maintain an Information System's Authority to Operate (ATO) under the Federal Information Security Management Act (FISMA), following the NIST Risk Management Framework (RMF) SP 800-37/53/53A guidance
• Ushering systems through the FISMA process using NIST 800-series guidelines, security assessment and authorization (SA&A) requirements and processes
• Reviewing results from vulnerability scanning tools and interpreting the risk posture reflected in assessment reports
• Developing system-specific ATO schedules to ensure all activities are accomplished according to the master schedule
• Leveraging the Microsoft Office suite to write and edit security documents
• Maintaining up-to-date documents such as procedures, work instructions, plans and manuals
• Conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls in accordance with NIST 800 series guidelines and the Risk Management Framework (RMF) as documented in NIST SP 800-37.
• Providing an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation, and recommending corrective actions to address identified vulnerabilities.
Qualifications
• Excellent customer service
• FISMA, NIST, FedRAMP and SA&A knowledge and first-hand experience as an ISSO or as a Security Control Assessor
• Experience using scanning tools/devices and/or interpreting results from tools such as Nessus
• Familiarity with CSAM, Xacta, or other FISMA reporting tools
• Risk assessment experience, especially with NIST 800-53 Threat Identification, system security categorization, gap analysis, compliance reporting
• Experience developing, tracking, and managing POA&Ms
• Familiarity with cloud systems (Azure, Salesforce and AWS) and federal cloud computing requirements desired
• Operational security experience or experience as a sysadmin desired
• System Security Plan knowledge and creation experience desired
• Knowledge of and experience with quality assurance and continuous monitoring
• Three (3) years of experience with FISMA, NIST 800 Series Special Pubs with particular emphasis on 800-37 Risk Management Framework
• Experience performing full A&A lifecycle activities, including continuous monitoring, vulnerability management, scanning, and risk management
• Proficient with Microsoft products - Word, Excel, PowerPoint
• One active certification required; CISA or CAP preferred
• Bachelor’s Degree in computer science or related field or a combination of education and experience equivalent to a Bachelor’s degree. Equivalent experience can be substituted for a degree.