ActioNet, Inc Information Assurance Security Specialist/ISSO in Silver Spring, Maryland
ActioNet has an immediate opportunity for an IT Security professional to serve in the role of Information System Security Officer (ISSO) for our customers. This position requires the ability to get a Secret clearance and is located in Silver Spring, MD.
Are you ready to join our great Support team? To be a successful candidate, you must have hands-on experience with and extensive knowledge of NIST 800 Special Publication standards and of preparing documents such as System Security Plans (SSPs), Contingency Plans (CPs), Risk Assessment Matrices (SRTMs), Business Continuity Plans (BCPs), Business Impact Analyses (BIAs), and Security Impact Assessments (SIAs) for proposed system configuration changes, as well as a thorough understanding of NIST Special Publications 800-53 Rev 3/4, 800-53A, and 800-37.
You will join a close-knit, highly technical, senior team of Systems Admins and Engineers. This is a standard workweek environment supporting our customers across the globe.
What is in it for you?
This is a self-managed and independent role where you have the opportunity to be involved in new security and cloud technologies
You will be at the forefront of leading weather, geospatial and satellite web page development that serves scientists, institutions, analysts and citizens across the globe
You will join a supportive and engaged customer and working environment
Duties and Responsibilities
Assists in the maintenance of systems to protect data from unauthorized disclosure and/or modification
Play a lead role in the Annual Security Control Assessment of Systems. Work with assessors during assessment, and be able to analyze and understand the Security Assessment Report (SAR) and Vulnerability Assessment Report (VAR)
Identifies, reports, and resolves security violations.
Responsible for developing, updating and managing core security documents such as the System Security Plan (SSP), FIPS 199 & 200, Business Continuity Plan (BCP), Business Impact Analysis (BIA), Disaster Recovery Plan (DRP), Information System Contingency Plan (ISCP), Security Impact Analysis (SIA), Incident Response (IR) Plan, etc.
Work closely with the Systems Administrators and Network Engineers in ensuring that the system is running in compliance with the Acceptable Baseline Configuration
Ensure that identified vulnerabilities are remediated in accordance with CITR-016.
Manage and address milestones and POA&Ms in CSAM and ensure that the POA&Ms are successfully closed within the timeframe specified in the milestones
Be involved with the annual PEN Test exercise and work directly with the PEN Testers and in-house IT staff
Continuously work with the System stakeholders and data custodians to ensure that the system and networks are adequately protected against intrusion by deploying necessary controls that provide security of data
Ability to perform a variety of other assigned IT security tasks.
At least five (5) years of demonstrated experience required in:
Active Certification: CISSP preferred, CISM, CISA, CAP, CRISC
Utilization of scanning products such as: Nessus, Retina, Core Impact
Knowledge of security best practices such as defense in depth, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
Experience with FIPS 199/200 and Security Awareness Training (to include different possible social engineering attack techniques)
NIST 800-37 experience (DIACAP, NIACAP or similar products)
Experienced with NIST 800-53 Rev 4 preferred to include privacy controls
Experienced with FISMA A&A continuous monitoring
Experienced with providing FISMA Vulnerability and Compliance Scanning
Experience with A&A Core Documentation development (i.e. SSP, BCP, DRP, ISCP, BIA, FIPS 199 & 200)
Experienced in assessing and maintaining a FIPS 199 High Category Federal system
Experienced with Security Repository Tools such as Cyber Security Assessment and Management (CSAM) or Trusted Agent FISMA (TAF)
POA&M Management experience in a federal government setting
Experienced with System and Network administration
Sound knowledge of risk management and assessment (both qualitative and quantitative) using NIST SP 800-30 and 800-39
Experience in Systems Engineering or satellite experience is preferred
Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio and Project)
Must be organized, timely, and customer service oriented
Must be able to update documentation in a timely and professional manner that includes proofreading and formatting.
Ability to work well independently and in a diverse team setting
Adaptability, flexibility and ability to deal with ambiguity and change
Excellent oral and written communication and customer service skills
Excellent attention to detail and good analytical skills
ActioNet is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
ActioNet is an Equal Opportunity/Affirmative Action employer
All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age (40 or over), or genetic information. ActioNet’s commitment to diversity and inclusive selection practices includes ensuring qualified long-term unemployed job seekers receive equal consideration for employment.
The ActioNet Career Center is accessible to any and all users. If you would like to contact us regarding the accessibility of this portal or you need assistance completing the application process, please contact Jonathan Dobles, Technical Recruiter, at 703-204-0090 ext 195 or JDobles@ActioNet.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.