Information Systems Security Officer (Journeyman)

SAIC
Reston, VA 20190

Description

We are seeking a motivated and customer-oriented Remote Information Systems Security Officer (Journeyman) to join our team, working from home, and begin an exciting and challenging career with SAIC.

Remote/Virtual work (on-site work required on a "needs" basis).

The candidate will work within a US government contract to support a cloud-based SaaS Acquisition Management System that is on the forefront of modern Agile best practices.

As an ISSO Journeyman, you will engage and collaborate with the operations and development teams to deliver a secure, quality, innovative, and highly scalable web-based application to the end client. The ISSO Journeyman will support the ISSO Lead, PM, and operations or developer teams with various cloud application service providers' security compliance (Vulnerabilities or Security Benchmarks) requirements per FedRAMP and NIST guidance within a fast-paced application development environment.

The ideal ISSO Journeyman will have prior experience working with various teams or engineers, developers, and systems administrators on Agile best practices, processes, and tools. This role will assist in improving the adoption and continued improvement of agile, software engineering, and DevOps cyber security practices.

Duties:
· Serve as the liaison between ISSO Master, PM, and the Information System Security Manager (ISSM) on all matters
· Assist in developing security control selection guidance consistent with the organization's risk management strategy
· Assist in documentation of Agency common controls
· Acquire/develop and maintain tools, templates, or checklists to support the security control selection process and the development of system security plans
· Assist and assess the implementation of continuous monitoring (CM)
· Be involved in the implementation and management of “AC-2; ACCESS CONTROL; Account Management” and review Agency accounts for compliance
· Work closely with the system administrators to ensure the System automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies Agency designated personnel
· Monitor the use of System user/service accounts and review/analyze audit records
· Respond to any Audit Processing Failures according to Agency and NIST guidance
· Assist in developing any required quality manual, quality procedures, and standard operating procedures (SOPs) for the entire staff during implementation.
· Facilitate the planning, execution, monitoring, and testing of security controls against FedRAMP or NIST security requirements for the systems and supporting applications, and maintain the security compliance score required by Agency in both patch management and STIG implementations
· Document approved changes to the system, component, or service and the potential security impacts of such changes; and track security flaws and flaw resolution within the system, component, or service and report findings to SAIC and Agency designated officials
· Implement the use of AppDetective, Nessus, WebInspect, or any other Agency required core impact vulnerability assessment tools for incorporation into security assessment report (SAR) findings and analysis
· Implement automated mechanisms to detect the presence of unauthorized hardware, software, and firmware components within the Agency
· Develop or maintain the contingency plan for the Agency and coordinate contingency planning activities with incident handling activities
· Update the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing
· Communicate contingency plan changes and protect the contingency plan from unauthorized disclosure and modification
· Develop/update, document, and disseminate an identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance teams
· Develop, disseminate and maintain the Incident Response (IR) Policy and Procedures
· Develop or update (at least annually) the Agency Security Plan (SP/SSP)
· Assist in implementation of “PS-4; PERSONNEL SECURITY; Personnel Termination”, such as disabling information system access and terminating/revoking any authenticators/credentials associated with the individual
· Document attempts to obtain system component, or information system service documentation when such documentation is either unavailable or nonexistent
· Develop, disseminate and maintain Agency communications protection policy that addresses purpose, scope, roles, and responsibilities
· Ensure the implementation of “SI-4 (5); SYSTEM AND INFORMATION INTEGRITY; Information System Monitoring - Enhancement: System Generated Alerts”: the system sends alerts to the designated personnel when compromise or potential compromise occurs
· Ensure the information system detects network services that have not been authorized or approved by Agency
· Assist in implementing “SYSTEM AND INFORMATION INTEGRITY; Security Alerts, Advisories, and Directives”: receive information system security alerts, advisories, and directives from US-CERT or other Agency directed sources
· Document if Agency generates internal security alerts and ensure Agency generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries
· Ensure Agency implements necessary technical measures to protect its memory from any unauthorized code execution
· Actively participate in strategic planning sessions to identify new initiatives aimed at meeting the SAIC IT strategic goals, Agency's Management Agenda, and directorate level goals and objectives



Qualifications

Requirements:
· Must be a U.S. Citizen (or GC with 3 years of continuous stay in US) and eligible to get Government Clearance
· CISSP, CAP, CEH, or AWS associate cloud architect or security certifications
· 3+ Years with BS or 2+ Years with MS

Nice to Have:
· Prior knowledge of Contract Acquisition Lifecycle Management applications
· Prior experience of FedRAMP Agency sponsored ATO or self-assessments
· Working knowledge of Cloud Security compliance and Continuous Monitoring strategies
· Familiarity with other Agile approaches: XP, Kanban, Crystal, FDD, etc.
· Strong analytical skills and the ability to pay careful attention to detail
· Understanding of successful Agile techniques: User Stories, Continuous Integration, Continuous Testing, Pairing, Automated Testing


Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

Posted: 2020-05-21 Expires: 2020-06-20
