Remote Information System Security Officer (ISSO)
United States
Full Time Senior-level / Expert Clearance required USD 86K - 138K
Peraton
Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly...Responsibilities
Peraton is seeking an Information System Security Officer (ISSO) to join our team of qualified, diverse individuals. The ideal candidate will be part of the Peraton Security Team and play a Cybersecurity operational compliance role within the Data Center and Cloud Optimization (DCCO) program. This individual will be able to demonstrate industry expertise of security governance, risk and compliance domain in AWS GovCloud.
This is a 100% Remote position.
If you enjoy learning about new technologies and applying them to provide cutting-edge services to customers, Peraton is the place for you. With a strong focus on biometric security and the science of fingerprint, face, and iris recognition, we develop state-of-the-art technologies that preserve freedom and advance human discovery. Our pioneering and inventive spirit has placed us at the forefront of numerous technological advancements. We continue to innovate, with our employees not only being part of history but also actively making it.
Day to Day Work Responsibilities:
- Responsible for performing one or more Government Information Systems and assisting with end-to-end Governance Risk and Compliance (GRC) functions.
- Ensure information systems are following National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA), and Department of Homeland Security (DHS) requirements.
- Develop project and task schedules, track and report metrics, and to identify and communicate potential risks and/or impediments to project success.
- Manage and maintain System Security Plans (SSP) in accordance with NIST Special Publication 800-53 and DHS 4300a requirements in the DHS instance of CSAM (Cyber Security Assessment and Management Application).
- Develop core SSP documentation such as: Configuration Management Plans; Contingency and Disaster Recovery Plans; Incident Response Plans; relevant system Standard Operating Procedures; and Plan of Actions and Milestones (POA&M).
- Prepare SSPs for Security Authorization and High Value Asset assessments.
- Maintain system artifacts for evidence-based proof that SSP security controls are implemented, documented, operating as intended, and producing the desired results.
- Maintain hardware, software, ports, protocols, and services inventories.
- Manage and update the SSPs of responsibility to reflect the security impacts of system changes based upon activities and projects resulting from the Change Management process and procedures.
- Identify potential POA&Ms, open, track remediation efforts, and support fact-based efforts to close system POA&Ms with the consent of the ISSO/ISSM.
- Oversee SSP compliance in an Amazon Web Service (AWS) GovCloud, a FedRAMP environment.
- Manage the security posture of cloud environment through the use cloud native security tools, and non-native Security Event and Incident Management (SEIM) tools.
- Ensure SSP compliance within the requirements of the AWS Share Responsibility Model.
- Contribute to discussions and security decisions with respect to virtualized RHEL and Windows instances in cloud environments.
- Contribute to discussions and security decisions with respect to containerization, micro-segmentation, and virtualized network, storage, and compute platforms.
Qualifications
Required Qualifications:
- US Citizenship required; Must have the ability to obtain and maintain a DHS Public Trust clearance.
- Bachelor’s degree and 5 years’ experience or Master’s degree and 3 years’ experience or Associate’s degree and 7 years’ experience or HS diploma/equivalent and 9 years’ experience.
- 5+ years of experience as a named ISSO for a Federal Government System.
- Excellent knowledge of the NIST Risk Management Framework (RMF) and NIST Special Publication 800 series and DHS Security Policy 4300a.
- Strong understanding of the CSAM Governance Risk and Compliance tool.
- Experience with AWS GovCloud based systems and DevSecOps tools.
- Experience working with FIPS 199 High Systems and/or systems containing Privacy data.
- Knowledge of federal security and regulations, DHS Security Policy and AWS GovCloud FedRAMP structure.
Preferred Qualifications:
- Experience within DHS or with a DHS Component.
- Experience working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations, and directives.
- Experience with native AWS security tools like CloudWatch, Guard Duty, CloudTrail, etc., and industry standard SEIM tools like JIRA and Splunk.
- Cybersecurity certifications preferred (one or more of the following): CISSP, CISM, AWS Security Professional, CCSP, CCSK, CISA, or CRISC.
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.
Target Salary Range
$86,000 - $138,000. This represents the typical salary range for this position based on experience and other factors.Tags: AWS CCSK CCSP CISA CISM CISSP Clearance Cloud Compliance CRISC DevSecOps FedRAMP FISMA Governance Incident response Jira NIST NIST 800-53 POA&M Privacy Risk management RMF Security assessment Splunk System Security Plan Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Engineer jobs
- Open Cloud Security Architect jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Architect jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open Threat intelligence-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs