ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Cloud Information System Security Officer (ISSO) who has experience managing the security posture of information systems in a private cloud environment. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.  

The Cloud ISSO is responsible for maintaining the security posture of a DHS solution offered from an off-premise private cloud environment throughout the lifecycle of the project. The candidate will work closely with project managers, technical engineers, DHS ISSOs, and Agency security personnel to identify and address vulnerabilities within the system and manage all POA&Ms identified. They will be responsible for routinely scanning the environment using Tenable Nessus. The candidate will also interface with the technical engineering team to provide security related guidance to the system.

Roles and Responsibilities

  • Serve as the ISSO for a DHS solution being offered from an off-premise private cloud
  • Work closely with the DHS ISSO and the DHS CISA office to address all Plans of Action and Milestones (POA&Ms)
  • Submit Infrastructure Change Requests and Security Impact Analyses for any changes that need to be performed on the Shared Services Platform
  • Conduct periodic scans of the Shared Services Platform using Tenable Nessus on agreed upon time frames and provide the results to the DHS Security team
  • Work with the Engineering and Operations teams to address issues identified in the scans in a timely manner
  • Interface with the Engineering and Operations personnel to provide ongoing security- related guidance
  • Implement/maintain a strategy for continuous monitoring including: establishing system audit trails and ensuring their review, reporting all identified security findings and initiating the periodic review of security controls
  • Ensure security awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code or other adverse operational conditions to include exercise of continuity and/or disaster recovery plans, as required
  • Monitor operations processes, including but not limited to, the Incident Response Process and Communications Process to ensure that they are followed properly
  • Provide prompt feedback to Engineering and Operations personnel in a timely manner and provide ongoing education on security protocols and procedures
  • Ensure that system security requirements are addressed throughout the project and system lifecycle
  • Ensure controls and processes are in place and working effectively to maintain a strong system security posture

Required Skills

  • Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs, and IRPs)
  • Demonstrated experience conducting information system security controls assessments (SCAs) and applying standard auditing techniques during system security controls assessments, including proper interpretation of control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer and team to ensure compliance
  • Extensive knowledge and experience with information security standards, policies and practices – NIST (800-53 rev4), FISMA, DHS 4300A
  • Knowledge of information security engineering, design concepts and principles
  • Knowledgeable with the Systems Development Lifecycle (SDLC) and continuous monitoring methodologies
  • Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management
  • Ability to research and address information security issues as required as an authority on the subject
  • Experience using vulnerability assessment tools (NESSUS, AppDetective, etc.), analyzing and interpreting assessment results, and developing POA&Ms to remediate findings
  • Must have excellent written communication skills as the candidate’s job will include written interaction with senior-level executives

Desired Skills

  • Exceptional interpersonal and verbal communication skills, with the ability to collaborate well across teams and organizations
  • Proven ability to multi-task and deliver on time with the highest quality

Education Requirement 

  • Bachelor of Science degree in Information Technology preferred

Years of Experience Requirement

  • 5+ years of experience desired (4 years of relevant work experience may be substituted for B.S, for a total of 9+ years of experience)

 Certification Requirement

  • Security+ certification or equivalent is required
  • Industry certifications, such as CISSP, CISA, CAP are preferred

Location

  • Reston, Virginia

Security Clearance

  • Must be able to obtain DHS EOD
  • US Citizenship Required

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.

Click here to apply