Information Systems Security Officer – Senior

ECS is seeking an Information Systems Security Officer – Senior to work remotely.

ECS is looking for an experienced Information Systems Security Officer (ISSO) to join our team supporting multiple platforms to attain and/or maintain their ATOs. The ISSO will be critical in protecting our DHS customers’ information systems and ensuring compliance with federal cybersecurity regulations and policies. The ideal candidate will have a strong background in federal cybersecurity, with at least five years of hands-on experience developing, documenting, and managing Authorization to Operate (ATO) packages for federal information systems.

Responsibilities 

• Develop, prepare, and update RMF authorization packages and security documents in accordance with NIST SP 800-53 Rev. 4/5, particularly those associated with NIST’s Risk Management Framework and FedRAMP. 
• Applies extensive knowledge of a variety of the Cybersecurity field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems. 
• Manage the Authorization to Operate (ATO) process throughout the system lifecycle, including initial authorization, reauthorization, and continuous monitoring activities. 
• Conduct security assessments and information system security oversight activities, identifying potential security weaknesses and recommending improvements. 
• Develop and maintain critical security documentation, such as System Security Plans (SSP), Contingency Plans (CP), Privacy Impact Assessments (PIA), and Plan of Action and Milestones (POA&M). 
• Serve as the primary point of contact for government clients and stakeholders on cybersecurity and compliance matters. 
• Coordinate with system owners, developers, engineers, and other stakeholders to implement security controls and ensure compliance with security requirements. 
• Manage POA&Ms, tracking remediation efforts and escalating risks as necessary. 
• Ensure the collection, review, and documentation of audit records, using financial audit standards, classified system IA requirements and Privacy Act requirements. analyzing anomalies and ensuring proper remediation. 
• Monitor system security configurations, audit logs, and patch management for compliance and threat detection. 
• Vulnerability scanning execution, assessment, and analysis
• Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide 
• Area Networks [WAN]) 
• Stay abreast of evolving security and risk management standards, including NIST, DoD, FISMA, FIPS, guidelines, and apply relevant changes to existing processes. 
• Provide configuration management recommendations for security software, hardware, and firmware. 
• Support incident response efforts and forensics investigations. 
• Provide input to cybersecurity policy and process development and support user training and awareness initiatives.

Salary Range: $145,000 – $145,000

General Description of Benefits

Qualifications

• Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or a related field. 
• No Degree: 10 years of Cybersecurity & FISMA experience 
• Bachelor’s Degree: 8 years of Cybersecurity & FISMA experience 
• Master’s degree: 6 years of Cybersecurity & FISMA experience 
• Proficient in the Risk Management Framework (RMF) and all associated tools (e.g., eMASS, Xacta, ACAS, Splunk, DISA STIGs, SCAP, STIG Viewer). 
• Experience with cloud security requirements and compliance in federal environments (e.g., FedRAMP, AWS, Azure).
• Strong understanding of federal cybersecurity policies, regulations, and guidelines, such as NIST 800-53 Rev. 4/5, FISMA, and DoD directives. 
• Professional security certification such as CISSP, CISM, CompTIA Security+ CE, SSCP, CEH, CASP, CISA or higher, in compliance with DoD 8140 requirements. 
• Experience interpreting vulnerability scans (e.g., ACAS, Tenable Nessus, SCAP) and developing remediation plans. 
• Excellent written and verbal communication skills, including the ability to present complex technical information to diverse audiences. 
• Demonstrated ability to work independently and collaboratively in a fast-paced, deadline-driven environment.
• Outstanding problem solving and analytical skills, including ability to create clear observations, analysis and conclusions based on customer interviews and data. 
• Minimum Education: Possesses one of the following professional security certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM) 
  • Certified Ethical Hacker (CEH)
  • CompTIA Advanced Security Practitioner (CASP)
  • Systems Security Certified Practitioner (SSCP)
  • Certified Information Systems Auditor (CISA)
  • Similar security professional certifications must be approved by the Federal PM