ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an Information Systems Security Officer who has knowledge and experience of industry trends and developments around infrastructure security automation and developing and carrying out information security plans and policies in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.
Roles and Responsibilities
- Develop effective technical and support documentation for use by engineering and sustainment staff, including code/tool documentation and CI/CD test plans.
- Ability to review operational metrics and make analytic decisions/recommendations about security optimization through automation.
- Gather requirements, design, codify, integrate and implement secure solutions that support business functionality as well as the underlying infrastructure required to run and deploy those solutions.
- Apply secure development/coding to areas including, but not limited to, cloud technology, internet servers, application whitelisting, virtualized containers, web-enabled database applications, network security, security engineering, data integrity, intrusion detection, firewall management, forensic and legal information security, virtual private networks, public key infrastructure/digital signatures, encryption, network security architecture and DHS Policy.
- Champion security by injecting security concerns into the existing development workflow; build security thinking into every stage of software development.
- Coordinate with teams across the customer enterprise on the migration of existing IT services to the cloud; identify security technical requirements, potential problems and issues, and participate on agile software development teams.
- Comply with the ISSO Roles and Responsibilities as laid out in DHS 4300 A/B.
- Maintain the Security Authorization or Certification and Accreditation of their assigned system.
- Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods.
- Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
- Maintain all required documentation to maintain their assigned system’s Authority to Operate or system go live dates.
- Draft a Security Package and perform any modifications throughout the lifecycle of the IT system.
- Manage all applicable POA&Ms throughout the lifecycle of the IT system. This includes, but is not limited to, the drafting of well-documented waivers and exceptions detailing the potential risk to the Authorizing Official.
- Support the Security Incident Response team in the remediation, documentation and reporting of all incidents for the ISSO assigned system.
- Track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of their assigned system.
- Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.
- Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system.
- Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev3 / Rev4, working with System Owners (SO)
- Experience with the C&A process
- Understanding of FISMA compliance
- Technical skills and experience with cloud services (AWS, Azure, etc.), continuous delivery systems and enhancing SecDevOps projects through security automation.
- Excellent problem solving, analytical skills and technical troubleshooting skills
- Experience with performing integrated quality assurance testing for security functionality and resiliency to attacks
- Experience with Ongoing Authorizations
- Experience with Xacta
A bachelor’s degree in Computer Science or other Engineering or Technical Discipline
Years of Experience Requirement
- 5-7 years applicable professional experience
- Relevant experience in software engineering or DevOps
- Familiarity with software development life cycle models and agile programming methodologies
CISSP, CISA or equivalent certifications (DoD 8570 IAM 2 equivalent)
- None required
- U.S. Citizenship required
- Must be able to pass a Federal background investigation