Cyber Security Innovations LLC ISSO Lanham, MD · Full time

Cyber Security Innovations (CSI) is seeking a security professional with experience performing FISMA compliance for the federal government. The Information System Security Officer (ISSO) is responsible for Security Authorization activities for CSI’s client in accordance with the National Institute of Standards and Technology (NIST) 800 series. A successful candidate will manage tasks related to planning and preparing security documentation for the system authorization process. The individual should have extensive knowledge of cloud environments and FedRAMP processes. The individual should have a strong background in NIST 800-37, Risk Management Framework and NIST 800-53 security controls.

Description

Position Responsibilities:

Specifically, the ISSO will be responsible for the following:

  • Develop and update the information system security documentation (e.g., Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, etc.)
  • Ensure systems are appropriately patched and hardened.
  • Coordinate the remediation of Plan of Action and Milestones (POA&M) with various groups.
  • Facilitate and support the Ongoing Authorization Program.
  • Effectively communicate technical information to non-technical personnel.
  • Conduct ISSO responsibilities, including the approval of change requests, review of audit logs, review of system accounts, and analysis of vulnerability scans.
  • Develop waivers & exceptions for information system vulnerabilities.
  • Work with clients to develop capabilities briefings and presentations.
  • Provide security recommendations to the Risk Management Branch Chief.


Position Requirements:

Candidate must have:

  • One or more of the following certifications: CISSP, Security+, ISSAP, CEH, CISM, CISA
  • Bachelor’s degree or higher
  • 7+ years of experience in the field of information security
  • Knowledge of security tools, security architecture, and NIST security standards and compliance measurements
  • Experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60, and 800-137
  • Understanding of the NIST Supplemental guidance for Ongoing Authorization


Desired candidate skills include the following:

  • Engineering/architecture experience with systems in the cloud; specifically, AWS, Google, or Azure.
  • Experience with Agile development practices.
  • Ability to develop scripts or dashboards.
  • Experience with CI/CD deployment pipelines (e.g., Jenkins, Ansible, Terraform).
  • Experience with programming languages (e.g., Python, Java).
  • Experience with container/orchestration tools (e.g., Kubernetes, Docker, Puppet).
  • Ability to provide security recommendations during the change management process.
  • Knowledge of Fortify, Twistlock, Nessus, DBProtect, and WebInspect vulnerability scanners.


Job Type: Full-time


Benefits:

  • 401(k)
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Tuition reimbursement
  • Vision insurance


Ability to commute/relocate:

  • Temple Hills, MD 20748: Reliably commute or planning to relocate before starting work (Required)


Experience:

  • IT Security: 7 years (Required)


License/Certification:

  • One of: CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA (Required)


Work Location: Hybrid remote (1 day in office per week) in Camp Springs, MD 20748