Sevatec Inc.

  • Information Systems Security Officer (ISSO)

    Job Locations: US-VA-Fairfax
    Posted Date: 4 weeks ago (11/14/2018 1:53 PM)
    Job ID: 2018-1642
    # of Openings: 1
    Category: Information Technology
  • Overview

    Sevatec is hiring an Information System Security Officer (ISSO). The ISSO is a critical role on the HHS ECLKC Hosting Agile Services contract, serving as a security expert who ensures that IT security compliance solutions for the federal client are translated and documented for the Web-Hosting project team as well as the government. The ISSO also works closely with the Project Manager to lead or participate in translating security requirements for the Web-Hosting Technical team members, including the Technical Lead, Network Technician, Database Administrator, and subcontractor, Cleverex Systems, and Hyperwave Consultant.

    Responsibilities

    • Translates IT security scans on complex information systems and applications, and ensures that appropriate follow-on action items are created and are in compliance with the OCIO of the Administration for Children and Families.
    • Articulates results from security scans to complete risk and vulnerability assessment to ensure action items are submitted for Authority to Operate.
    • Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
    • Provides technical support in the areas of vulnerability assessment, risk assessment, network security, and security implementation.
    • Conducts cybersecurity control validation exercises on unclassified networks, applications and systems to validate the effectiveness of current security measures.
    • Ensures that Security Compliance and Procedures are consistent with agency and department directives and mandates.
    • Perform hands-on technical security risk assessments to identify flaws, threats and vulnerabilities.
    • Works with the PM and ECLKC OCIO to translate technical engineering solutions to address and mitigate risks.
    • Provides security testing expertise to validate how well a system meets predefined security requirements.
    • Translate directives from OCIO and test services with specific regard to the mitigation of unauthorized access, leakage of data, manipulation of data, or willful damage.
    • Provide security testing support to establish an application's security baseline and identify a level of security risk prior to production implementation.
    • Provides comprehensive technical writing support to assist Project Manager and Technical Lead to maintain all program documentation.
    • Gather, analyze, translate, and compose technical information into clear readable documents to be used by technical and non-technical personnel.
    • Create and maintain various project artifacts and end user documentation including functional requirements, design documents, user guides, style guides, publishing standards, etc.
    • Support the development, review, and editing of new or existing documentation or artifacts for final delivery, publication, or dissemination.
    • Technical writing support will be for a range of programmatic, technical and functional artifacts. College/Professional level writing skills shall be consistent with supporting ECLKC and the documentation required.
    • May be responsible for coordinating the display of graphics and the production of the document.
    • Validate security recommendations and specifications provided by the Project Manager, ACF Security, and client leadership.
    • Communicate security requirements and action items to technical resources.
    • Ensure security compliance and government requirements / mandates are documented and communicated to the team.
    • Responsible for managing security related documentation (e.g. Business Impact Analysis, FIPS 199 Categorization, Incident Response Plan, Privacy Impact Assessments, etc.) to ensure they are in compliance with National Institute of Standards and Technology (NIST) standards.
    • Develops system security procedures and artifacts in collaboration with project team members.
    • Participates in security risk assessments and change control/configuration management to determine the security impact of proposed or actual changes to the system or its environment.
    • Conducts annual assessments of security controls and participates in Continuous Diagnostic and Mitigation (CDM) assessments.
    • Coordinates and manages contingency planning activities for assigned systems by facilitating tabletop exercises, coordinating notification drills and back up restoration exercises, developing contingency planning scenarios, and ensuring the Contingency Plan is up to date.
    • Reviews system-level reports, audit logs and vulnerability scan reports on a continuous basis to gauge the health of the system’s security.
    • Collaborates with technical team members to resolve open Plan of Action and Milestones (POA&Ms) affecting security controls.
    • Creates and updates implementation statements utilizing security and technical documentation in preparation for obtaining an Authority to Operate (ATO) or during an Annual Security Assessment (ASA).
    • Documents implementation statements and uploads the required artifacts utilizing the Cyber Security Assessment Management (CSAM) tool.
    • Responsible for all system analysis activities on assigned Department of Labor (DOL) IT projects utilizing Agile methodology.
    • Can be requested to act as the alternate Scrum Master during daily Scrum meetings and Sprint Planning sessions.
    • Defines user stories and relative business and functional requirements.
    • Tracks improvements, new features, and bugs utilizing JIRA.
    • Collaborates with Web-Hosting team and Application Development team to identify and document the scope of security scans, checkpoints, assessments, risks, and vulnerabilities.  

     

    Qualifications

    • Associate in Computer Science, Information Systems related field and a minimum of 3 years of professional experience.
    • Experience in Process Modeling, Software Engineering Process, System Analysis.
    • Strong individual contributor as a security expert.
    • Strong communication and interpersonal skills; excellent team player.
    • Technically knowledgeable and customer oriented.
    • Creative, problem solving mind-set.
    • Ability to multi-task and prioritize.
    • Deadline Oriented, Organized, Quality Focused.

    Desired Skills and Experience: 

    • CompTIA Security+, Professional Certification.

    Security Clearance: Must be able to obtain a US Government agency clearance.


    EEO Statement:  Sevatec is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
