Senior Information System Security Officer (ISSO)
Sterling, VA
FWG Solutions, Inc.
This program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots, and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this effort, you will serve as an Information Systems Security Officer who will support the Agile Release Trains (ART) in defining security requirements, translating RMF-related governance and policies as well as supporting the reduction of cybersecurity risks to our customer's environments.

As an Information Systems Security Officer (ISSO), your responsibilities will include:
- Managing all aspects of an organization's information security system, for classified and unclassified systems, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches.
- Understanding the Risk Management Framework (RMF), how risk management is executed, what risk means, and how to analyze it.
- Spearheading Authority to Operate (ATO) and/or Authority to Proceed (ATP) efforts while making independent recommendations to Government Leads during these processes.
- Conducting risk analysis from vulnerability and compliance scans, pen testing results, or other audit activity.
- Creating written works to include but not limited to Plans of Action and Milestones, System Security Plans, System Specific Policies and Procedures, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
- Participating in Agile Planning Events to provide technical input.

Required Education, Experience, & Skills

Bachelor’s degree and 7+ years' work experience or equivalent experience or 10 years related work experience, to include:
- Being a self-starter who’s able to work in both independent and team environments while building work relationships with SMEs across divisions. Additionally, must be comfortable with cyber security and able to brief issues to the customer.
- The ability to articulate and provide a true and accurate status update on government IT systems security posture as well as overall system health to the customer in a clear and concise manner.
- Experience executing the NIST Risk Management Framework (RMF) and applying security practices found in NIST publications (e.g., SP 800-53, SP 800-30, SP 800-60, FIPS 199, FIPS 140-2).
- Experience documenting System Security Plans to include security control implementation statements.
- Experience conducting periodic reviews of implementation statements to ensure persistent compliance with applicable government and agency-level policies in addition to ISO and NIST standards.
- Experience validating the implementation of security controls within a cloud environment (AWS or Azure).
- Supporting the security assessment and authorization (or ATO) process.
- Analyzing testing results from scans, audits, penetration tests, or other test efforts to determine risk levels.
- Hands-on experience with vulnerability management tools such as Tenable Nessus and Security Center.
- Conducting Continuous Monitoring and maintaining the security posture of IT systems within on-prem, cloud, and hybrid environments.
- Knowledgeable on one or more cloud computing services and technologies including but not limited to AWS, Microsoft Azure, VMware, etc.
- Familiarization with the Microsoft Office 365 Suite (e.g., Word, PowerPoint, SharePoint, Excel).

Preferred Education, Experience, & Skills

- Cyber program experience within federal customer space is a plus!
- Familiarization with Scaled Agile Frameworks (SAFe), agile development principles, and DevSecOps methodologies is a plus!
- Experience with managing vulnerabilities on virtualized IT systems and assets or virtual machines (i.e. VDI and VMware) is a plus!
- Experience with SAFe Agile tools like Jira, Jira Align, or ServiceNow.
- Certifications such as CISSP, CCSP, AWS, Microsoft Azure, CISA, CAP, and SAFe 6 are highly desired.

This opportunity offers career development and growth, competitive compensation, and a robust benefits package with 4 Weeks PTO w/ rollover, 11 paid holidays, company paid events and training, and 401(k) retirement plan with company match. FWG holds multiple government contracting vehicles as a Prime Contractor to include: 8(a) Set-Aside; STARS III; GSA IT-70; Army ITES-3S; and CIO-SP3. FWG Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law. FWG welcomes all individuals with disabilities and protected veterans to apply for our jobs.
If you require accessibility assistance for this open position, please contact the Human Resources Department at HR@fwgsolutions.com.
VEVRAA Federal Contractor, Equal Opportunity Employer (EOE)/AA Minority/Female/Veteran/Disabled/LGBTQ are encouraged to apply.
Tags: Agile Audits AWS Azure CCSP CISA CISSP Cloud Compliance DevSecOps DoD FIPS 140-2 Governance ISO 27001 Jira Monitoring Nessus NIST NIST 800-53 Pentesting Risk analysis Risk management RMF Security assessment Security Impact Analysis SharePoint System Security Plan VMware Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Health care Team events