Job Title: Systems Security Officer
Length: 3 Month Contract to Hire
Compensation: Based on Experience and Education
Clearance: Must be able to obtain a Public Trust. US or Green Card holders only
- Responsible for determining enterprise and system information security policy and strategy.
- Oversees the development, implementation, and enforcement of information security standards and procedures.
- Ensures that all personnel and information systems are functioning correctly regarding security policies.
- In charge of program security risk evaluations, security audits and assessments, and security incident investigation.
- Updates/maintains System Security Plans (SSPs), Information Security Risk Assessments (IS RAs), Privacy Impact Assessments (PIAs) and other security artifacts for the program.
- Performs Security Impact Analyses (SIAs) for all proposed changes to the production environments.
- Participates in all Technical Direction Board (TDB) and Technical Review Board (TRB) security-related meetings and documentation creation.
- Collects and manages all appropriate artifacts required to demonstrate security control compliance.
- Manages and schedules remediations for all Plan of Action and Milestones (POA&M) items acquired by the program.
- Manages security and privacy training for all program employees, both for onboarding and for annually required training.
- Manages off-boarding process for all program employees from a security perspective.
- Supports continuous monitoring activities and provides incident and emergency response support as needed.
- Ensures applicable software and hardware hardening guidance is implemented within the program.
- Participates in periodic scrum meetings to provide updates for ongoing security activities.
- Key interface to customers’ security professionals (ISSO) for all security activities.
- Conducts vulnerability analysis and threat assessments. Reviews reporting from vulnerability and threat tools and guides the team on remediation efforts.
- Evaluates security products and recommends solutions for control enhancements.
- Continuously tests ARS controls via code quality, static, and dynamic code analysis.
- Pushes for a higher level of security than traditional waterfall development efforts through continuous testing and flaw remediation, reduction in manual/human-controlled processes, and increased security transparency.
- Bachelor’s Degree in Cyber Security, Computer Science, Engineering or a related technical discipline, or the equivalent combination of education, technical training, or work experience.
- 3 - 5 years’ experience implementing and/or managing software and infrastructure solutions in civilian government environments from a security perspective.
- Business/Outcome driven with in-depth working knowledge of government security requirements such as FISMA, FIPS and FedRAMP security controls.
- Familiarity with applying and managing security controls within a cloud-based environment.
- Experience in the field of technology as it relates to security policy, procedure, risk assessment, and system architecture.
- CISSP not required but preferred.
- Deep understanding and experience of web technologies, user experience modeling/evolution etc. Understanding of mobile technologies will be a plus.
- Knowledge of Systems Development Lifecycle and the Project Management Lifecycle.
- Business savviness and ability to identify potential business and product opportunities.
- Experience with Product Roadmap development and influencing key stakeholders for buy-in on business priorities.