Tista Science and Technology Corporation

Information Systems Security Officer (ISSO)

Job ID 2021-2510
Job Locations US-MD-Bethesda

Overview

Jumpstart your career as an Information Systems Security Officer with TISTA! You will be an integral part of a diverse team while working for an industry-leading organization, where our associates come first.

Responsibilities

TISTA is seeking an Information Systems Security Officer (ISSO) / Information Security Engineer (ISE) to join our growing team.

 

 

  • Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices
  • Determine the baseline IT Security requirements for IT Systems, identify system boundaries, determine information categories, and assist with FIPS-199
  • Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility
  • Ensure users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System
  • Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems
  • Review and monitor system security and audit logs
  • Document system’s risk assessment per client directives and requirements
  • Develop a detailed project schedule, including SA&A/SCA tasks and milestones, task dependencies, and personnel resources
  • Review and generate SA&A and system documentation as needed
  • Update SA&A documentation and artifacts on a regular basis (e.g. annually, after approved change)
  • Conduct SA&A activities and tasks and obtain Authorization to Operate (ATO) in line with NIST and client guidance and directives
  • Develop and document all required artifacts for the SA&A package
  • Select baseline controls for the IT System using RSA Archer and tailor security controls as appropriate
  • Document security control implementation in the system’s Security Plan using the Library’s Information Assurance (IA) tool (RSA Archer)
  • Implement security controls based on IT System FIPS categorization
  • Conduct SCA for IT systems, when required
  • Conduct Contingency Plan Test (CPT) for systems

Qualifications

  • A minimum of five (6) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
  • Demonstrates a proficiency with developing, maintaining and managing SA&A packages
  • Experience with developing and managing POA&Ms
  • Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
  • Technical experience with reviewing vulnerability scans and providing mitigation techniques
  • Possess expertise in conducting SCAs
  • Experience writing security-related policies and procedures
  • Possess experience conducting CPTs
  • Experience with conducting audit log reviews
  • Experience with NIST Special Publications and guidance
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
  • Excellent communication (written and verbal) skills

 

EDUCATION:

  • Bachelor’s degree or higher in Computer Science, Information Technology, Information Security, or similar fields

 

CERTIFICATION:

  • At least one (1) active certification relating to information security, such as:
    • Certified Information Systems Security Professional (CISSP)
    • GIAC Security Essentials Certification (GSEC)
    • CEH

 CLEARANCE: 

Eligible for Public Trust
