ECS
Mid-Level Information System Security Officer (ISSO)
ECS, Seaside, California, United States, 93955
Apply for the Mid-Level Information System Security Officer (ISSO) role at ECS. This position is remote but preferably in close proximity to the National Capital Region (NCR). The selected candidate will serve as an advisor to one or more Information System Owners, Business Process Owners, and ISM on all matters involving information system security.
Location: Seaside, CA and Alexandria, VA (remote). Clearance: Secret required; Top Secret may be required. Salary Range: $135,000 – $150,000.
Responsibilities
Serve as a mid-level ISSO for one or more Boundary/System Owners and the ISSM on all matters (technical or otherwise) involving security.
Promote the DHRA/DMDC Risk Management Framework maturity.
ATO Program Owner Support
Act as a facilitator between Program and Product Owners and other Cybersecurity stakeholders for coordination of communication and activities within eMASS.
Advise program stakeholders on ATO requirements and identify any missing information in eMASS.
Explain non-compliant controls and propose solutions to stakeholders.
Provide support for program teams on eMASS toolset usage, RMF policies, and additional cybersecurity topics, e.g., cATO, system network traffic diagrams, documenting PPSM, RMF control remediation.
Support Program/Product Owner for their given assessments, validations, and audits with respect to eMASS access and clarifications.
eMASS
Monitor RMF authorization status through eMASS and maintain and communicate a schedule of actions and timelines needed to obtain and sustain system/application authorization.
Create and maintain entries within eMASS instances for applications with required artifacts associated with the relevant Common Control Identifier (CCI) security controls. Artifacts will be provided by DHRA program, product, or project managers.
STIGs
Develop STIG/Control crosswalk documentation to articulate functionalities and determine how those controls impact the app/system; upon mitigation, take the necessary supporting documentation and screenshots from program, product, or project managers and update the associated controls and POAMs in eMASS.
Utilize the assigned tool, such as eMASSTER, to generate STIG results and assigned actions for remediation. Other STIG tools may be applicable.
POA&Ms
Ensure POAM entries are kept current in eMASS and report on POAM statuses. Submit POAM workflow requests in eMASS for item closure or extension.
Coordinate with stakeholders to develop POA&M milestones, identify and allocate resources and determine the remediation schedule.
Align roadmaps, update eMASS timelines and POAMs, and coordinate communication with Cybersecurity Division.
Identify efficiencies and employ available and approved procedures or templates for repeatable methods for any shared requirements across applications.
Participate in Cyber Compliance Meetings as needed.
Create presentations and metrics as requested; create weekly, monthly, and in-progress review presentations as needed.
Required Skills
Must be a US citizen, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
Bachelor’s degree in computer science, cybersecurity, information security, or similar discipline and 5-8 years of cybersecurity experience in support of the DoD or other federal clients (education/experience substitution allowed).
Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
Display technical experience with conducting research and providing review recommendations of software and technologies.
Experience developing and managing POAMs in eMASS.
Experience with reviewing vulnerability scans and providing mitigation techniques.
Broad technical knowledge is required to review DISA Security Technical Implementation Guides (STIGs).
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high‑quality commitment to mission‑critical systems and solutions.
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data‑driven decision making regarding system threats, vulnerabilities, and risk.
Desired Skills
Prior DHRA/DMDC experience.
CISSP certification.
ISSM and/or CISM experience.
Top Secret Clearance.
ECS is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.