Senior Information System Security Officer (ISSO)

Avint LLC is seeking a motivated and skilled Information System Security Officer to join our team in the Herndon, VA area. The Information System Security Officer (ISSO) will be responsible for providing subject matter expertise support in technical and functional support, data integration and migration management, and upgrade support.

The ISSO is responsible for integrating information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements. The candidate will also be responsible for ensuring a robust software quality control process. The ISSO will interact with both technical and non-technical personnel in order to conduct a comprehensive review of a system, network or application. This is a technical role requiring moderate to advanced knowledge of security engineering, enterprise monitoring, and incident response. The ISSO will assist in building or refining the program to achieve the assessment process. The ISSO will work with various elements of the cybersecurity team to understand roles, missions and requirements in order to inform this process.

Position Responsibilities:

• Ensure systems and clients organizations are in compliance with Federal security requirements
• Assist with the development and maintenance of security documentation in support of maintaining the authorization of Agency and clients' systems
• Assist with developing system security policy and ensure compliance on a routine basis
• Coordinate with security personnel to define priority thresholds for system alerts and notifications supporting the system change management tool (currently Tripwire)
• Conduct security impact assessments for system/functional change requests
• Conduct reviews of privileged accounts in coordination with other personnel
• Prepare Interconnection Security Agreements/Memoranda of Agreement (ISA/MOU) and review and update existing ISA/MOUs (Federal ISSM has final approval of ISA/MOUs)
• Prepare and maintain operational IT security procedures at the direction of the Government Technical Manager. Security procedures should be reviewed and/or updated on a regular basis to reflect changes in security standards and requirements
• Conduct secure configuration compliance and vulnerability assessments through regular detection compliance testing and provide assessment results (current tools used are Qualys, Nessus, Splunk, DB Protect, and Web Inspect)
• Provide continuous monitoring support and prepare/update project plans
• Support audit trail monitoring and ensure logs are forwarded to centralized tool (currently Splunk) and lead quarterly audit trail reviews
• Provide input on new technologies that provide enhanced protection, reduce operational cost, or provide appropriate safeguards and security features that meet the protection threshold for securing assets effectively
• Create, maintain, and update applicable documentation and reports

Requirements

Technical Qualifications:

• NIST 800.53, 800.171, RMF Framework and Cybersecurity Framework
• Developing System Security Plans, Disaster Recovery Plans, and similar documentation required for RMF
• Understanding of industry security and compliance statuses, standards, and policies.
• Conduct secure configuration compliance and vulnerability assessments through regular detection compliance testing and provide assessment results
• Experience with Qualys, Nessus, Splunk, DB Protect, and Web Inspect

Qualifications:

• 7+ years of technical experience in cybersecurity
• 7+ years of experience with Federal certification and accreditation (C&A) or A&A
• 7+ years of experience with maintaining IT security policies, processes, and guidance
• Professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats and information security.
• Experience with applying the NIST Cybersecurity Framework
• Experience with Federal Risk and Authorization Management Program (FedRAMP)
• Experience with NIST special publications (SPs) regarding the SA process.
• Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M).

Benefits

Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, and generous PTO and Federal Holidays. Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!

Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.