ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Information Systems Security Officer who has experience developing and carrying out information security plans and policies in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

Roles and Responsibilities

• Comply with the ISSO Roles and Responsibilities as laid out in DHS 4300 A/B.
• Maintain the Security Authorization or Certification and Accreditation of their assigned system.
• Track the Security Authorization of their assigned system.
• Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods.
• Continuously update all Security Authorization documentation as required by the ISSO SOP.
• Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
• Maintain all required documentation to maintain their assigned system’s Authority to Operate or system go live dates.
• Document all relevant NIST 800-53 and 4300A Security Controls and/or applicable departmental policies for each IT system the ISSO is responsible for.
• Draft a Security Package and perform any modifications throughout the lifecycle of the IT system.
• Work closely with the System Owner to identify any additional controls that are applicable to the system to maintain a favorable security posture.
• Perform an annual physical assessment of all General Support Systems (GSS) and Major Applications and sub-system interfaces.
• Provide oversight and advisement on all proposed change requests on an IT System as it pertains to the potential change to the existing Controls Assessment.
• Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
• Evaluate and provide advisement on all privileged access requests to IT systems.
• Ensure software targeted for introduction to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
• Track the deployment of software to the environment that is not part of the base image. Ensure software installs are registered to individual users.
• Ensure software deployed in the environment is audited on a quarterly basis. ISSOs shall provide reports to System Owners, ISSM, and to O&M staff tailored with the level of detail or abstraction as appropriate.
• Perform oversight of Information System Vulnerability Management (ISVM) inquiries, and ensure that the inquiries are addressed and reported within the allotted timeframe and reported via the accepted methods and formats.
• Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System. Proper documentation shall be filed and updated as required.
• Manage all applicable POA&Ms throughout the lifecycle of the IT system. This includes but is not limited to the drafting of well documented waivers and exceptions detailing the potential risk to the Authorizing Official.
• Support the Security Incident Response team in the remediation, documentation and reporting of all incidents for the ISSO assigned system.
• Perform a Weekly review of logs for each IT system.
• Participate in project discussions in support of the System Owner.
• Provide track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of their assigned system.
• Work closely with Office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives.
• Provide timely and detailed responses to all data calls.
• Provide support for all Office of the Inspector General (OIG) and other external audit activities.
• Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system.
• Coordinate with and brief Federal staff on all activities pertaining to each IT system as requested.
• Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.
• Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system.
• Ensure the Configuration Management Database (CMDB) is continuously updated with the appropriate operational group if it is available.

Required Skills

Information Assurance related skills:

• Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev3 / Rev4, working with System Owners (SO)
• Experience with the C&A process
• Understanding of FISMA compliance
• System Admin or other technical background
• Experience with Ongoing Authorizations
• Experience with Xacta
• General skills include:
• Works well with team members
• The ability to multi-task
• A keen eye for detail
• Strong organizational skills
• The ability to thrive in fast-paced, high-stress situations
• The ability to communicate network security issues to peers and management

Desired Skills

Experience working within DHS and with DHS 4300 or component equivalents

Education Requirement

A bachelor’s degree in Computer Science or other Engineering or Technical Discipline

Years of Experience Requirement

 5-7 years applicable professional experience

Certification Requirement

CISSP, CISA or equivalent certifications (DoD 8570 IAM 2 equivalent)

Location

DC/MD/VA

Security Clearance

• None required
• U.S. Citizenship required
• Must be able to pass a Federal background investigation