SAIC is seeking a Senior ISSO to support our Washington, D.C. customer!
- Provide consulting to COMET on Requests for Service for the design, development, and deployment of Ongoing Assessment, Ongoing Authorization, and other Information Assurance (IA) initiatives.
- Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts to the security posture of systems.
- Ensure system security measures comply with applicable government policies.
- Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system.
- Ensure that system security requirements are addressed throughout the project and system lifecycle.
- Ensure effective controls and processes are in place and working effectively to maintain a strong system security posture.
- Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities.
- Obtain C&A for systems under their purview.
- Develop, maintain, and facilitate the appropriate closure of POA&Ms and facilitate with the Agency-designated security Point of Contact (PoC)/ISSO any related remediation activities.
- Understand and monitor operations processes, including but not limited to, the Incident Response Process and Communications Process, to ensure that they are followed properly at Agencies for applicable CDM solutions and tools.
Required Education & Experience
- Bachelor’s degree or 6 years equivalent experience. B.S. in Information Technology or Information Security desired.
- 7+ years of experience in InfoSec specializing in NIST.
- At least one of the following approved baseline certifications: CAP, CISSP, CISM, CASP+ CE, or GSLC.
- Experience with AWS Cloud, Azure Cloud, or Cloud implementations and environments.
- Extensive knowledge of and experience with information security standards, policies, and practices: NIST SP 800-53 rev4, SP 800-37 rev2, FIPS-199, DHS 4300A.
- Demonstrated experience writing information system security documentation (System Security Plans (SSP), Plans of Action and Milestones (POA&Ms), PTAs, PIAs, CMPs, CPs, and IRPs).
- Experience using vulnerability assessment tools (Nessus, AppDetective, etc.) and analyzing and interpreting assessment results.
- Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management.
- Ability to research and address information security issues as required as an authority on the subject.
- Experience with DHS Continuous Diagnostics and Mitigation (CDM) a plus.
- FedRAMP experience a plus.
- Strong understanding of infrastructure technologies and functionalities (e.g., firewalls, Windows/Linux servers, Active Directory (AD), Splunk, SolarWinds, CyberArk, etc.).
- Must be a self-starter and have the ability to think outside of the box to design effective solutions.
- Must have excellent verbal and written communication skills as this position may interact with senior-level executives.
- Must pass a GSA background check/Public Trust.
This position allows for a combination of onsite and remote work. Candidate must be located in the DC metro area in order to be onsite 3 days per week.
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united by purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability