Information Systems Security Officer (ISSO)
ITCON Services is seeking to hire a motivated and knowledgeable Information Systems Security Officer (ISSO) to join our team. The ISSO will work with multiple teams of developers and analysts in a dynamic environment. The ideal candidate should be able to multi-thread work in different customer environments.
The Information Security Analyst responsibilities will include:
- Scanning and analyzing Information Systems for security vulnerabilities
- Reviewing scan reports to determine remediation path
- Working with the project teams to implement vulnerability remediation
- Tracking and resolving POAMs on time
- Producing actionable, risk-based reports on security assessment results
- Managing, training, and mentoring more junior team members
- Assisting with vulnerability remediation when necessary
- Developing necessary documentation to secure Federal System ATO
- Design, develop, and recommend integrated security system solutions that will ensure proprietary and confidential data and systems are protected
- Provide technical engineering services for the support of integrated security systems and solutions
- Interface with clients in the strategic design process to translate security and business requirements into technical designs
- Configure and validate secure complex systems, and test security products and systems to detect security weaknesses. In addition to technical tasks, the candidate will be responsible for mentoring junior team members, contributing to technical solutions across multiple projects, and providing input on technical proposals.
At ITCON, we offer competitive compensation, paid training and development opportunities, healthcare benefits that start on your first day, commuter benefits, work-life balance, and the opportunity to work alongside an amazing and growing team.
Applicant must be a permanent resident or citizen of the United States and clearable for Public Trust clearance with the U.S. Government.
Required Skills and Qualifications
- 8+ years of experience in complex regulatory and audit programs, focusing on secured cloud capabilities, to include Authorization to Operate (ATO) in a multi-tenant environment
- Ability to work as a self-starter with the ability to bring innovative ideas to improve customer delivery
- Ability to communicate in a clear and efficient manner in a team environment
- Ability to collaborate and contribute in a high-performing team to delight our customers
- Thorough understanding of NIST 800 – Computer Security, Cyber Security, and Risk Management Framework.
- Experience in interpreting IT vulnerability scanning results.
- Experience in managing security Certification and Accreditation activities utilizing common control frameworks
- Experience with risk mitigation and selecting or designing appropriate security controls for implementation
- Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings
- Experience with overseeing compliance programs in Microsoft Azure, Amazon AWS, PCI DSS, and FedRAMP cloud environments
- Experience in coordinating, monitoring, and tracking security activities across multiple organizations
- Experience in managing the security posture of a cloud environment, working with engineering teams to remediate, and communicating the overall risk of the environment while identifying areas of improvement
- Demonstrated understanding and experience with DevSecOps
- BA or BS degree in Science, Technology, Engineering, or Mathematics
- Hold active certifications: Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP).
Desired Skills and Qualifications
- Project leadership experience in monitoring computer networks and security issues, and in investigating and resolving security and cybersecurity incidents.
- Experience in developing system/application certification and accreditation documentation.
- Experience working with Agile teams and SAFe to perform testing and uncover system and network vulnerabilities
- Experience in documenting security incidents and performing security vulnerability assessments
- Risk assessment experience, threat identification, security categorization, gap analysis, and compliance reporting.