Information System Security Engineer

Position Title : ISSO

Location : Washington, DC

Industry : Government Contracting

ISSO Position Summary :

Our client is seeking a talented ISSO to join their team. This position will support the Assistant Secretary for Administration (ASA) under guidance from the CIO's Information System Security Manager (ISSM). The candidate will ensure a portfolio of 4 systems are in compliance with applicable NIST standards, and provide standard ISSO services. The candidate will also work closely with the other ISSOs supporting the client customers to provide leadership and mentoring and ensure consistent delivery of ISSO services.

ISSO Key Responsibilities :

• Ensure applicable cybersecurity policies are implemented for systems and information system-related physical security also under purview.
• Maintain operational security posture consistent with current security policy.
• Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT.
• Distribute cybersecurity notices and advisories to appropriate personnel and that vendor-issued security patches are expeditiously installed.
• Serve as primary security to system owners, common control providers, and users.
• Serve as focal point for cybersecurity incident reporting and subsequent resolution.
• Assisting ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language.
• Ensure all security-related SDLC documentation meets all identified security needs.
• Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium.
• Ensure selection of NIST SP 800-53 baseline security controls are appropriate for system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium.
• Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures.
• Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium.
• Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system.
• Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring.
• Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation.
• Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan.
• Assist System Owner and ISSM to ensure external connections to / from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS).
• Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800- 53 and any supplemental Departmental Cybersecurity Policy and the Compendium.
• Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy.
• Complete mandatory annual specialized information security training.
• ISSO Required Skills : 8+ years of experience in IT Security
• Certified Information Systems Security Professional (CISSP) certification.
• Understanding of NIST 800.53 and its applicability to IT Systems.
• Expertise with Risk Management Framework, FEDRAMP and FISMA.
• Understanding authentication in the cloud environment.
• Experience with continuous monitoring of a cloud system
• Experience working on assessments with third party assessments organization (3PAO)
• AWS / Azure associate certified

ISSO Compensation and benefits : $120,000

Company-supported medical, dental, vision, life, STD, and LTD insurance

Benefits include 10 federal holidays and PTO.

401(k) with company matching

Flexible Spending Accounts for commuter, medical, and dependent care expenses

Tuition Assistance