• Information System Security Officer

    Job ID 2018-1260
    Job Locations US-DC | US-DC-Washington
  • Overview

    TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology and professional services to Federal and State agencies. TISTA is an Inc. 500 company, a recipient of the 2010 Top 100 Service-Disabled Veteran-Owned Businesses from Diversity Business, recognized in Washington Technology's FAST 50 list of the fastest growing small businesses in government contracting in 2012 & 2013, recognized as the Top 25 Fastest Growing Small Technology companies by the Washington Business Journal in 2014 & 2015, and selected as the Veteran Owned Company of the Year in 2014 by the Montgomery County MD Dept. of Economic Development.



    The ISSO will be responsible for developing and providing risk and vulnerability assessments, Security Control Assessments (SCA), SA&A documentation, and various reports based on NIST guidelines and client policies, procedures and requests.

    • Ensure that the Automated Information System (AIS) are operated, used, maintained, and disposed of in accordance with internal security policies and practices
    • Ensure that the AIS are accredited based upon NIST guidance and accredited the AIS utilizing the NIST RMF process or ICD 503 templates if NSS/classified information system
    • Enforce security policies and safeguards on all personnel having access to the AIS for which the ISSO has responsibility
    • Ensure users and system support personnel have the required security clearances, authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the AIS is granted
    • Ensure audit trails are reviewed periodically in accordance with departmental policy and the Security Authorization documentation (e.g., weekly or daily)
    • Ensure that audit records are archived for future reference and audit artifacts are generated as needed
    • Initiate protective or corrective measures if a security problem is discovered
    • Report security incidents in accordance with DHS Management Directive 4300 to the Authorizing Official (AO) and System Owner (SO) when an AIS is compromised or a suspected compromise has occurred
    • Report AIS security status as required by DHS Management Directive 4300 and the AO
    • Determine when time-sensitive system patches identified by the DHS Security Operations Center must be quickly implemented to protect systems
    • Evaluate known vulnerabilities to ascertain if additional safeguards are needed
    • Maintain a plan for site security improvements and progress towards meeting the Accreditation/re-accreditation of their respective AIS
    • Perform all ISSO duties as directed by DHS Component policy and DHS Management Directive 4300(A/B/C)
    • Perform duties as the security specialist for secure rooms/SCIFs which have the possibility to process information up to the TS/SCI level (where applicable)


    • A minimum of five (5) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
    • Demonstrates a proficiency in developing, maintaining and managing Security Authorizations and Assessments packages
    • Experience with developing and managing Plans of Action & Milestones (POA&Ms)
    • Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
    • Technical experience with reviewing vulnerability scans and providing mitigation techniques
    • Possess expertise in conducting annual assessments
    • Experienced writing security related policies and procedures
    • Possess experience conducting Contingency Plan test
    • Experience with conducting audit log reviews
    • Experience with NIST Special Publications and guidance
    • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
    • Excellent communication (written and verbal) skills


    • Bachelor’s degree or higher in Computer Science, Information Technology, Information Security, or similar fields.


    • A minimum of at least one (1) certification must be active relating to information security such as:
      • Certified Information Systems Security Professional (CISSP)
      • GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
      • CompTIA Security +
      • CEH


    • Top Secret Clearance
    • DHS Suitability Acceptable


    Here at TISTA Science and Technology we value our Veterans and encourage all to apply!


    TISTA is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed