VariQ has an opening for an Information System Security Officer. 

Additional Information:

• Security Clearance: Public Trust
• Location: Full time onsite work at VariQ headquarters with remote work options (fully remote during COVID)
• Salary: dependent upon experience
• Available: within 2 weeks

• Responsible for ensuring that management, operational, and technical controls for securing either National Security Systems or SBU level Information Systems are in place and are followed for work performed under this statement of work.
• Ensure that appropriate steps are taken to implement information security requirements for IT systems throughout their lifecycle, from the requirements definition phase through disposal.
• Responsible for conducting vulnerability scanning and assessments, conducting Certification and Accreditation (C&A) activities in accordance with NIST 800-37 standards, reporting IT Security events/incidents in the time prescribed by IT Policy depending on the severity of the incident, and respond to Information Security Vulnerability Management (ISVM) notifications and ensure all systems under their purview are in compliance with IT Policies
• Demonstrate experience with NIST 800 publications standards
• Demonstrate experience with vulnerability scanning and assessments
• Demonstrate experience conducting Certification and Accreditation (C&A) activities
• Demonstrate experience reporting IT Security events/incidents
• Works with legacy security teams and component security teams to review, validate, update, and ensure the security posture of legacy technology components.
• Works with Cloud Service Providers, 3PAOs, and component security teams to design, implement, validate, and ensure the security of cloud developed and cloud transitions systems.

• An active ISC2 Certified Information Systems Security Professional (CISSP) or CompTIA Advanced Security Practitioner (CASP) Certification required.
• 10+ years of experience in an information technology field. 
• Bachelor’s degree in Computer Science or an IT related field required.
• Experience should include transitioning systems between vendors and migration of systems to a cloud environment. 
• Be able to read, write, speak, and understand English fluently.
• Experience working with and applying the NIST Risk Management Framework.
• Experience working with and applying the NIST Special Publication 800 Series guidance.
• Experience working with FEDRamp, Cloud Service Providers, 3PAOs, as well as developing, implementing, and validating the security architecture of cloud based and cloud transitioned systems.
• Experience with Continuous Diagnostics and Monitoring (CDM) requirements and processes is highly desirable.

OTHER DUTIES

• This job description is not designed to cover a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities are subject to change at any time. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.

PHYSICAL DEMANDS AND WORK ENVIRONMENT

• The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform these functions.
• While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk, sit, and reach with hands and arms. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate. 

NOTE

• All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the employee will possess the skills, aptitudes, and abilities to perform each duty proficiently. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an “at will” relationship.