Careers

Search Jobs Connect With Us

Systems Security Officer

Job Attributes

Job Id:

25321

Job Category:

IT Infrastructure

Job Location:

Owings Mills, MD  21117

Security Clearance:

Not Defined

Business Unit:

Zachary Piper Solutions

JOB DESCRIPTION

Job Title:  Systems Security Officer

Length:  3 Month Contract to Hire

Compensation:  Based on Experience and Education

Clearance:  Must be able to obtain a Public Trust. US or Green Card holders only

 

Summary:

Our client is looking for a Systems Security Officer to  work with the ADO Product Directors, Product Architects, Client Produce Leads, Release Managers, Scrum Masters and other internal and external stakeholders, to support the secure development of the Agile Product Vision and Roadmap, with the goal of effectively capturing the risks associated with an agile software release and mitigating impacts of the release on the program’s current Authority to Operate (ATO).  The ADO SSO works with project teams to ensure that all changes made to the system go through Security Impact Analysis (SIAs) and other risk management activities to ensure all risks are documented and system weaknesses are remediated before production release.  The SSO is responsible for ensuring that the program adheres to   the CMS Information Security and Privacy Policy (IS2P), the CMS Acceptable Risk Safeguards (ARS) 3.1, the NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and the NIST SP 800-37, Risk Management Framework (RMF). This includes being highly integrated into Government policies and standards through robust security artifacts such as the System Security Plans (SSPs), Information Security Risk Assessments (IS RAs), Privacy Impact Assessments (PIAs) and other integral documentation.

 

Responsibilities:

  • Responsible for determining enterprise and system information security policy and strategy.
  • Oversees the development, implementation, and enforcement of information security standards and procedures.
  • Ensures that all personnel and information systems are functioning correctly regarding security policies.
  • In charge of program security risk evaluations, security audits and assessments, and security incident investigation.
  • Updates/maintains System Security Plans (SSPs), Information Security Risk Assessments (IS RAs), Privacy Impact Assessments (PIAs) and other security artifacts for the program.
  • Performs Security Impact Analysis (SIAs) for all proposed changes to the production environments.
  • Participates in all Technical Direction Board (TDB) and Technical Review Board (TRB) security related meetings and documentation creation.
  • Collects and manages all appropriate artifacts required to demonstrate security control compliance.
  • Manages and schedules remediations for all Plan of Action and Milestones (POA&M) items acquired by the program.
  • Manages security and privacy training for all program employees both for onboarding as well as annually required training.
  • Manages off-boarding process for all program employees from a security perspective.
  • Supports continuous monitoring activities and provide incident and emergency response support as needed.
  • Ensures applicable software and hardware hardening guidance is implemented within the program.
  • Participation in periodic scrum meetings to provide updates for ongoing security activities.
  • Key interface to customers’ security professionals (ISSO) for all security activities.
  • Conducts vulnerability analysis and threat assessments.  Reviews reporting from vulnerability and threat tools and guides the team on remediation efforts.
  • Evaluates security products and recommends solutions for control enhancements.
  • Continuous testing of ARS controls via code quality, static, and dynamic code analysis.
  • Push for a higher level of security than traditional waterfall development efforts through continuous testing and flaw remediation, reduction in manual/human-controlled processes, and increased security transparency.

Requirements:

  • Bachelor’s Degree in Cyber Security, Computer Science, Engineering or a related technical discipline, or the equivalent combination of education, technical training, or work experience.
  • 3 - 5 years’ experience implementing and/or managing software and infrastructure solutions in civilian government environments from a security perspective.
  • Business/Outcome driven with in-depth working knowledge of government security requirements such as FISMA, FIPS and FedRAMP security controls.
  • Familiarity with applying and managing security controls within a cloud-based environment.
  • Experience in the field of technology as it relates to security policy, procedure, risk assessment, and system architecture.
  • CISSP not required but preferred.
  • Deep understanding and experience of web technologies, user experience modeling/evolution etc. Understanding of mobile technologies will be a plus.
  • Knowledge of Systems Development Lifecycle and the Project Management Lifecycle.
  • Business savviness and ability to identify potential business and product opportunities.
  • Experience with Product Roadmap development and influencing key stake holders for buy in on business priorities.

Apply Now

CONTACT INFORMATION (Required)
RESUME (Required)
No file selected
x
Formats accepted: .doc / .docx / .pdf / .txt
Don't have a resume? Click here to fill out a short form.

Copy/paste your resume inside the text editor below:

ADDITIONAL INFORMATION (Required)
WORK HISTORY (Required)
Add another experience (optional)
EDUCATION (Required)
Add another degree (optional)
SKILLS (Required)
Add another skill (optional)

The following error(s) occurred:

Please wait while your job application is being processed. This may take a few moments.
New Search

Job Id:

25321

Job Category:

IT Infrastructure

Job Location:

Owings Mills, MD  21117

Security Clearance:

Not Defined

Business Unit:

Zachary Piper Solutions