SAIC is looking for a Information System Security Officer (ISSO) and/or Alternate Information System Security Officer (AISSO) for one or more major federal IT information systems as a member of the customer directorate’s Security Team. Overall, he/she will be responsible for utilizing the NIST Risk Management Framework (RMF) and related Continuous Monitoring activities to maximize the security of their assigned system(s) and ensure compliance with Federal Information Security Management Act (FISMA) requirements and customer policies and processes
- Conduct continuous monitoring and self-inspections of computer systems to ensure security compliance with the aforementioned guidance and DHS policy directives, and proactively report progress to management, make recommendations for security posture improvements, and ensure systems are ready for audits.
- Review Nessus, WebInspect, and DBProtect security scans, communicate vulnerabilities to technical stakeholders, and track them to remediation.
- Proactively report security status and concerns to management and make recommendations as appropriate.
- Assist directorate with yearly audit responses and security-related data calls to upper management and DHS OCIO.
- Develop and update standard government security documentation such as System Security Plans, Contingency Plans, Interconnection Security Agreements, Risk Acceptances/Waivers, Privacy Threshold Analyses, Privacy Impact Assessments, Interconnection Security Agreements, waiver requests, and other ad-hoc documentation as needed.
- Review and approve/deny relevant system Change Requests as needed
- Perform system audit log reviews in accordance with established policy requirements using Security Information and Event Management (SIEM) tools such as Splunk, Kibana, etc.
Required Skills and Experience
- BS or equivalent work experience in the Information Assurance / Cybersecurity field.
- 5+ years of overall IT security experience.
- 2+ years of experience as a primary ISSO or security compliance lead for an IT system
- Possess one of the following: CISSP, CCSP, or CEH certifications.
- Has created, tracked, and pushed to completion Plans of Action and Milestones (POA&Ms) for resolving security control deficiencies.
- Has completed a new or renewed system Certification and Accreditation (C&A) package from start to finish.
- Is experienced in effectively communicating security vulnerabilities with technical POCs and management.
- Has significant security experience with systems primarily supported by Linux OS (on premises) or Amazon Web Services (AWS).
- Has significant experience and knowledge of how to interpret details of vulnerability scans, including Tenable Nessus.
- Has significant experience writing or updating system Security Plans.
- Ability to communicate effectively verbally and in writing.
Desired Skills and Experience
- Prior experience supporting the federal government in an IT environment.
- Experience creating, tracking, and updating Interconnection Security Agreements (ISAs), risk acceptance memorandums, and policy waiver requests.
- Has led annual Contingency Plan Tests in either tabletop form or as actual fail-over tests.
- Experience creating, tracking, and updating security policies and/or procedures
- Expertise in using Splunk or other SIEM tools
- Security experience with cloud systems hosted by Amazon Web Services (AWS)
- Experience leading an IT security team
- Experience with DoD STIG system configuration standards
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.
We are approximately 26,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.