Security Analyst / Information Systems Security Officer (ISSO)
We are seeking a highly skilled Security Analyst to join our cybersecurity team as an Information Systems Security Officer (ISSO) supporting a program with the Defense Information Systems Agency (DISA). The ideal candidate will hold a Certified Information Systems Auditor (CISA) or Security+ certification and possess hands-on experience with information security practices, risk management, and compliance. You will lead in the implementation, maintenance, and enforcement of security policies to protect sensitive data and ensure compliance with applicable regulations and standards.
Clearance: This position requires an active DOW/DoD Secret Clearance.
Responsibilities & Duties:
Responsible for continuous monitoring activities for systems, including monitoring for security threats, performing access reviews, reviewing and developing mitigation for vulnerability assessment reports, and proposing enhancements for system security.
· Support security operations centers (or similar capabilities) in supporting system reviews and potential incident investigations.
· Maintain knowledge of the security architecture and the business purpose of systems.
· Document and maintain knowledge of all relevant NIST 800-53 controls for each IT system for which the ISSO is responsible.
· Update SSPs semi-annually and document any changes.
· Certify the accuracy of continuous monitoring information for assigned systems.
· Advise on proposed architecture or configuration changes using the established change and configuration management process.
· Certify software planned to be introduced to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
· Support the agency on periodic internal and external audits, including support for the execution of identified corrective action plans as needed.
· Evaluate and advise on all access requests for privileged accounts to IT systems.
· Support and produce any artifacts that are required for Ongoing Authorization and the NIST Cyber Security Framework (CSF).
· Perform certification assessments for assigned programs to include review of change requests; review of ports, protocols, and services; whitelist requests; self-assessments results; statements of compliance; scan and STIG reviews; systems security plans; cybersecurity control evidence and artifacts; and on-site review results.
· Conduct security architecture reviews to ensure that the program's architecture is in compliance with STIG requirements and best practices. This technical analysis will be considered in the risk analysis and documented/included in the certification recommendation.
· Develop customized checklists based on the security architecture, special-purpose equipment, type accredited deployment guides, Unified Capabilities Approved Product List deployment guides, and required ancillary equipment.
· Analyze Plans of Action and Milestones (POA&M) and mitigation plans for unresolved findings to determine residual risk. This shall include reviewing and analyzing submitted POA&Ms with detailed technical justification and references for mitigations and determining
if the proposed solution is adequate mitigation for approval. This technical analysis shall be documented/included in the statement of residual risk.
· Conduct a Risk Assessment to analyze threats to and vulnerabilities of an information system and the potential impact that the loss of information or capabilities of a system would have on the user communities and the mission of the organization. The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures and to determine residual risk.
Required Qualifications:
· Bachelor's degree in computer science, information systems, or another related field.
· 4+ years of experience performing or supporting the responsibilities of an ISSO in a US Government environment.
· 4+ years of experience in National Institute of Standards (NIST) cybersecurity standards and best practices.
· Experience with any/all of the following relevant tools: Government-provided resourcing tool (used to execute and on-site review), eMASS (for control reviews), Requirement Tracking System (RTS) (to submit actions for review/signature), PPSM database, Whitelist Tool, DoD Information Technology Portfolio Repository (DITPR), and RMF Knowledge Service.
· Active Secret clearance required
Preferred Qualifications:
· One of the following certifications:
o Information Systems Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o CompTIA Security +
· Knowledge of US Government security regulations and methodologies: FISMA, FedRAMP, and NIST special publications.
About NextGen:
NextGen Federal Systems is an innovative technology and professional services provider specializing in advanced software solutions and comprehensive mission and business support services. We work in close collaboration with our customers to truly understand their business and mission goals. Our approach is to design, build, implement, and manage solutions that measurably improve our client’s organizational performance. We have established and foster a corporate culture where we:
- Treat employees with fairness and respect regardless of their position, sexual identity, race, or tenure.
- Communicate the importance of our mission and our employees’ contributions to it, ensuring they understand how their job role contributes to the greater good.
- Openly promote and communicate our ideas for change and adaptability.
- Strive to achieve results as an organization.
- Hold employees accountable to their commitments and provide incentives that encourage positive and productive behaviors.
- Value the talents and contributions of our employees as the key factor for our success.
- Create an environment where people can engage at all levels.
- Encourage people to take risks and allow them to make mistakes.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
RefID: A01