VariQ has an incredible opportunity for a high-performing ISSO to join our team, supporting a high profile client in Washington DC.
Location: Washington DC
Available: 30-45 days
Security Clearance: active TS required
Salary: competitive market rate
Ensuring that day to day security is maintained for assigned information systems.
Ensuring all Information Systems (IS)s are operated, maintained, and disposed of in accordance with security policies and practices outlined in the FBI's Information System Security Assessment (ISSA) Handbook and NIST publication series NIST 800-53
Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS
Initiate protective and corrective measures when a security incident or .vulnerability is discovered
Monitor system recovery processes and ensure the proper restoration of an IS security features
Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
Support certification activities throughout the ISSA process (previously known as Certification and Accreditation process);
Ensure that system security requirements are complied with, unless waived during all phases of the system lifecycles
Establish audit trails and ensure their review, and make them available, when required, to the Chief Security Officer (CSO) or the Information System Security Manager (ISSM);
retain audit logs in accordance with Department of Justice (DOJ), Office of Director of National Intelligence (ODNI) and/or FBI policy
Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
Ensure general users and privileged users are trained-in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators.
Develop, implement, and enforce information systems security policies.
Maintain System Security Plans (SSPs) and all- other system security documentation
Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP).
Support risk assessment and evaluation activities throughout the Certification and Accreditation (C&A) or site accreditation process.
Able to implement and maintain continuous monitoring,
Establish audit trails, ensuring their review and reporting all identified security findings.
5-years work experience in a computer science, or cybersecurity related field
Active Top Secret Clearance required
Currently hold one of the following industry recognized security certifications, CISSP, SANS GIAC Information Security Professional, (GISP), Computer Technology Industry Association, (CompTIA) Advanced Security Practitioner, (CASP) or other certifications exemplifying skill sets such as those described in DoD 8570.1 IAM Level III proficiency.
Experienced using and operating security tools such as, but not limited to, Tenable’s Nessus and/or Security Center, IBM Guardium, HP WebInspect, or like applications, and Network Mapper, (NMAP).
A Bachelors or Advanced Degree in Computer Science, Cybersecurity, Mathematics, or Engineering is highly desirable.