ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an Information Systems Security Officer who has experience developing and carrying out information security plans and policies in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

Roles and Responsibilities

  • Comply with the ISSO Roles and Responsibilities as laid out in DHS 4300 A/B.
  • Maintain the Security Authorization or Certification and Accreditation of their assigned system.
  • Track the Security Authorization of their assigned system.
  • Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods.
  • Continuously update all Security Authorization documentation as required by the ISSO SOP.
  • Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
  • Maintain all required documentation to maintain their assigned system’s Authority to Operate or system go live dates.
  • Document all relevant NIST 800-53 and 4300A Security Controls and/or applicable departmental policies for each IT system the ISSO is responsible for.
  • Draft a Security Package and perform any modifications throughout the lifecycle of the IT system.
  • Work closely with the System Owner to identify any additional controls that are applicable to the system to maintain a favorable security posture.
  • Perform an annual physical assessment of all General Support Systems (GSS) and Major Applications and sub-system interfaces.
  • Provide oversight and advisement on all proposed change requests on an IT System as it pertains to the potential change to the existing Controls Assessment.
  • Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
  • Evaluate and provide advisement on all privileged access requests to IT systems.
  • Ensure software targeted for introduction to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
  • Track the deployment of software to the environment that is not part of the base image. Ensure software installs are registered to individual users.
  • Ensure software deployed in the environment is audited on a quarterly basis. ISSOs shall provide reports to System Owners, ISSM, and to O&M staff tailored with the level of detail or abstraction as appropriate.
  • Perform oversight of Information System Vulnerability Management (ISVM) inquiries, and ensure that the inquiries are addressed and reported within the allotted timeframe and reported via the accepted methods and formats.
  • Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System. Proper documentation shall be filed and updated as required.
  • Manage all applicable POA&Ms throughout the lifecycle of the IT system. This includes but is not limited to the drafting of well documented waivers and exceptions detailing the potential risk to the Authorizing Official.
  • Support the Security Incident Response team in the remediation, documentation and reporting of all incidents for the ISSO assigned system.
  • Perform a weekly review of logs for each IT system.
  • Participate in project discussions in support of the System Owner.
  • Track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of their assigned system.
  • Work closely with Office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives.
  • Provide timely and detailed responses to all data calls.
  • Provide support for all Office of the Inspector General (OIG) and other external audit activities.
  • Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system.
  • Coordinate with and brief Federal staff on all activities pertaining to each IT system as requested.
  • Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.
  • Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system.
  • Ensure the Configuration Management Database (CMDB) is continuously updated with the appropriate operational group if it is available.

Required Skills

Information Assurance related skills:

  • Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev3 / Rev4, working with System Owners (SO)
  • Experience with the C&A process
  • Understanding of FISMA compliance
  • System Admin or other technical background
  • Experience with Ongoing Authorizations
  • Experience with Xacta

General skills include:

  • Works well with team members
  • The ability to multi-task
  • A keen eye for detail
  • Strong organizational skills
  • The ability to thrive in fast-paced, high-stress situations
  • The ability to communicate network security issues to peers and management

Desired Skills

Experience working within DHS and with DHS 4300 or component equivalents

Education Requirement

A bachelor’s degree in Computer Science or other Engineering or Technical Discipline

Years of Experience Requirement

5-7 years applicable professional experience

Certification Requirement

CISSP, CISA or equivalent certifications (DoD 8570 IAM 2 equivalent)

Location

DC/MD/VA

Security Clearance

  • None required
  • U.S. Citizenship required
  • Must be able to pass a Federal background investigation

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.
