View all jobs
JR. INFORMATION SYSTEMS SECURITY OFFICER (ISSO) - (TS/SCI with CI Poly Clearance Required)
Fairfax, VA · Information TechnologyOne of our premier clients is is looking for a highly motivated individual to serve as an Information Systems Security Officer (ISSO) for a Full-Time role in their Fairfax, VA. headquarters. The individual will be responsible for assisting the ISSM/ISSO within Zeta’s facilities to ensure compliance with Intelligence Community (IC) and Department of Defense (DoD) guidelines and directives while assisting the Security Team with special projects support. To be considered for this role you, must have an active Top Secret/SCI with CI Poly level clearance.
Job Description:
Perform assessments of systems and networks within the networking environment or
enclave and identifies where those systems/networks deviate from acceptable configurations, enclave
policy, or local policy. This is achieved through passive evaluations (compliance audits) and
active evaluations (vulnerability assessments).
• Develops documentation in support of Risk Management Framework (RMF) processes; operating procedures, and policies;
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
• Operating within cleared environments performing Information Assurance specific activities to meet client needs and timelines;
• Performing Continuous Monitoring (ConMon) duties in accordance with NIST SP 800- 137 (Continuous
Monitoring) to include auditing for anomalous or malicious user activity;
• Establish strict program control processes to ensure mitigation of risks and supports for obtaining certification and accreditation of systems. This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits;
• Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed;
• Perform Media management activities, handle and have familiarity with controlling, labeling,
virus scanning solutions-software and appropriate transfer of data (uploading/downloading) between
different classification domains via manual and automated processes.
Basic Qualifications:
• Experience with security tools, hardware or software security implementation, communication
protocols, and Encryption techniques or tools
• TS/SCI clearance with a polygraph
• DoD 8570 compliance: Information Assurance Management (IAM) Level I certification
Additional Qualifications:
• Experience in Nessus Scanning
• Experience in STIG/SCAP
• Experience in Splunk, including Security Essentials
• Experience using eMASS
• Experience with Service Now
• Experience with Linux OS
• Experience conducting ISAP inspections
Required Skills:
• Active TS/SCI + CI Poly
• Experience with various security frameworks to include ICD 503, NIST SP 800-37, CNSS publications, and other Risk Management Framework (RMF) processes
• Knowledge of scan tools and systems (STIG, SCAP, EVSS, Security Center, NESSUS, NMAP)
• Advanced problem solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients
• Analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions
• Must work seamlessly with programs and development teams to be able to communicate security practices from the development requirements
• Security Certifications depending on role/location (e.g. Security +, CISSP, etc.) or obtain within six months of hiring.
Desired Skills:
• Experience configuring, securing, managing and troubleshooting Windows systems
• Experience configuring, securing, managing and troubleshooting Linux/Unix systems
• Experience with IC customer’s ServiceNow and DoD eMass
• Experience with Amazon Web Services or other cloud technologies
• Advanced writing skills: able to clearly articulate ideas for executive level as well as technical staff consumption
Education and Experience:
• Bachelor’s Degree in Computer Science, Information Technology, related field, or
comparable experience
Job Description:
Perform assessments of systems and networks within the networking environment or
enclave and identifies where those systems/networks deviate from acceptable configurations, enclave
policy, or local policy. This is achieved through passive evaluations (compliance audits) and
active evaluations (vulnerability assessments).
• Develops documentation in support of Risk Management Framework (RMF) processes; operating procedures, and policies;
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
• Operating within cleared environments performing Information Assurance specific activities to meet client needs and timelines;
• Performing Continuous Monitoring (ConMon) duties in accordance with NIST SP 800- 137 (Continuous
Monitoring) to include auditing for anomalous or malicious user activity;
• Establish strict program control processes to ensure mitigation of risks and supports for obtaining certification and accreditation of systems. This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits;
• Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed;
• Perform Media management activities, handle and have familiarity with controlling, labeling,
virus scanning solutions-software and appropriate transfer of data (uploading/downloading) between
different classification domains via manual and automated processes.
Basic Qualifications:
• Experience with security tools, hardware or software security implementation, communication
protocols, and Encryption techniques or tools
• TS/SCI clearance with a polygraph
• DoD 8570 compliance: Information Assurance Management (IAM) Level I certification
Additional Qualifications:
• Experience in Nessus Scanning
• Experience in STIG/SCAP
• Experience in Splunk, including Security Essentials
• Experience using eMASS
• Experience with Service Now
• Experience with Linux OS
• Experience conducting ISAP inspections
Required Skills:
• Active TS/SCI + CI Poly
• Experience with various security frameworks to include ICD 503, NIST SP 800-37, CNSS publications, and other Risk Management Framework (RMF) processes
• Knowledge of scan tools and systems (STIG, SCAP, EVSS, Security Center, NESSUS, NMAP)
• Advanced problem solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients
• Analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions
• Must work seamlessly with programs and development teams to be able to communicate security practices from the development requirements
• Security Certifications depending on role/location (e.g. Security +, CISSP, etc.) or obtain within six months of hiring.
Desired Skills:
• Experience configuring, securing, managing and troubleshooting Windows systems
• Experience configuring, securing, managing and troubleshooting Linux/Unix systems
• Experience with IC customer’s ServiceNow and DoD eMass
• Experience with Amazon Web Services or other cloud technologies
• Advanced writing skills: able to clearly articulate ideas for executive level as well as technical staff consumption
Education and Experience:
• Bachelor’s Degree in Computer Science, Information Technology, related field, or
comparable experience