• Information System Security Officer (ISSO)

    Job Locations US-DC
    Job ID
    # of Openings
    IT Security
    Work Authorization
    US Citizens, preferred
  • Overview

    VariQ has an exciting opportunity for a highly qualified ISSO to support the Federal Bureau of Investigation (FBI) project


    Additional Information:

    • Available: ASAP
    • Location: Washington, DC
    • Security Clearance: Top Secret clearance
    • Salary: Dependent upon experience


    The ISSO is responsible for the security aspects, operations, and maintenance of multiple systems and applications. Additionally, the ISSO manages risk-assessments and audits of systems, oversight of media, software and hardware security compliance.

    • The candidate will have expertise in analyzing and advising on the risk and remediation of security issues based on reports from security assessments, vulnerability assessment scanners, patch management tools, and emerging threat information.
    • Expertise in supporting and/or conducting the Federal Information Security Management Act (FISMA) audits.
    • Experience processing applications through the Certification and Accreditation (C&A) and process coordinating and supporting the integration and testing of system level security requirements which may include researching, verifying and documenting information security controls in order for the "systems" to be accredited.
    • Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon DOJ, FBI, and NIST
    • Creates and compiles Authorization packages to include: Designation Letters, Security Plans, Contingency Plans, SOPs.



    • Ensuring that day to day security is maintained for assigned information systems.
    • Ensuring all Information Systems (IS)s are operated, maintained, and disposed of in accordance with security policies and practices outlined in the FBI's Information System Security Assessment (ISSA) Handbook and NIST publication series NIST 800-53
    • Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS
    • Initiate protective and corrective measures when a security incident or .vulnerability is discovered
    • Monitor system recovery processes and ensure the proper restoration of an IS security features
    • Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
    • Support certification activities throughout the ISSA process (previously known as Certification and Accreditation process);
    • Ensure that system security requirements are complied with, unless waived during all phases of the system lifecycles
    • Establish audit trails and ensure their review, and make them available, when required, to the Chief Security Officer (CSO) or the Information System Security Manager (ISSM);
    • retain audit logs in accordance with Department of Justice (DOJ), Office of Director of National Intelligence (ODNI) and/or FBI policy
    • Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
    • Ensure general users and privileged users are trained-in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
    • Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators.
    • Develop, implement, and enforce information systems security policies.
    • Maintain System Security Plans (SSPs) and all- other system security documentation
    • Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP).
    • Support risk assessment and evaluation activities throughout the Certification and Accreditation (C&A) or site accreditation process.
    • Able to implement and maintain continuous monitoring,
    • Establish audit trails, ensuring their review and reporting all identified security findings.



    • Certified Information System Security Professionals (CISSP)
    • Active Top Secret
    • Previous ISSO experience


     VariQ is an equal opportunity employer.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed