Job Information
TISTA Science and Technology Information System Security Officer (ISSO) in United States,
Overview
TISTA Science and Technology Corporation is seeking anInformation System Security Officerto join our team.
The ISSO will be responsible for providing the client support in proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. The ISSO supports Security authorization and continuous monitoring activities in compliance with National Institute of Standards and Technology (NIST) Guidance and the United States Department of Agriculture (USDA) policy and procedures.
Responsibilities
The person filling this role will work as part of a team of IT Security professionals who support the security compliance and cloud initiatives of the agency
Conduct security assessment and authorization activities and tasks and obtain an Authorization to Operate (ATO) in line with NIST and client guidance and directives
Determine the baseline IT Security requirements for IT Systems, diagram system authorization boundaries, determine system categorization based on FIPS-199
Manage IT system vulnerabilities
Conduct technical evaluation and system design review to assess the effectiveness of existing controls and provide meaningful recommendations
Monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes, and propose and take corrective action as appropriate
Assist in Federal Information Processing Standard (FIPS) categorization of applications/systems
Participate in risk assessments, vulnerability scans and penetration testing of new and existing systems to identify, investigate and document security weaknesses
Document and implement security controls using NIST standards
Review and generate authorization and assessment system documentation as needed: System Security Plans (SSP), Configuration Management Plans (CMP), Security Assessment Reports (SARs), Privacy Threshold Assessments (PTA), Privacy Impact Analysis (PIA), Disaster Recovery Plans (DRP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Risk Assessment Reports (RARs), Standard Operating Procedures (SOPs) and Plans of Action and Milestones (POA&MS)
Create and maintain project content in the Governance, Risk, and Compliance (GRC) tool per client’s guidance
Identify and report detailed Plan of Action and Milestone (POA&Ms); manage and monitor for corrective actions
Review and analyze system scan reports
Provide guidance on security requirements for systems hosted in cloud (including FedRAMP) versus on-premise
Research and stay up-to-date on industry standards and any new vulnerabilities and risks
Assess systems to analyze risk and report weaknesses findings
Work with developers and DBAs in addressing findings
Assess and review current technology infrastructure to identify key risk areas, and ensure adequate levels of controls are in place to address those risks
Participate in and support internal and external compliance initiatives including audit requests, tabletop exercises, security training, and other tasks associated with improving the company’s security posture
Qualifications
5+ years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
Recognized IT security and cloud certifications
Fundamental understanding of cloud security
Demonstrates a proficiency with developing, maintaining and managing security authorization and assessment packages
Experience with developing, managing and mitigating POA&Ms
Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
Technical experience with reviewing vulnerability scans and providing mitigation recommendations
Possess experience in participating in Security Control Assessments (SCA)
Experience writing security related documentation, policies and procedures
Experience with NIST Special Publications and guidance
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
Experience with maintaining security packages in a Governance, Risk, and Compliance tool
Strong written and oral communication skills
Education:
Bachelor’s degree or higher in Computer Science, Information Technology, Information Security, or similar fields
5+ years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
10 years of additional relevant experience may be substituted for education
Required Certifications:
Certified Cloud Security Professional (CCSP)
MS AZ-900 (Microsoft Azure Fundamentals)
Desired Certifications:
Certified Information Systems Security Professional (CISSP)
Certified Authorization Professional (CAP)
Location:
Remote
Clearance:
Public Trust
Salary Inforamtion:
The pay for this position ranges from $110,000 to $125,000.
The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience, and location.
Also, certain positions are eligible for additional forms of compensation, such as bonuses.
TISTA associates are eligible to participate in our comprehensive benefits plan! More information can be found here: https://tistatech.com/working-at-tista/
TISTA Science and Technology Corporation,a CMMI Maturity Level 3 company, focuses on delivering information technology and professional services to Federal and State agencies. TISTA is recognized in 2019 by Inc. 5000 as one of the fastest-growing private companies in the US. TISTA is also a recipient of 2019 Top Veteran-Owned Companies by the Washington Business Journal. TISTA also received a 2018 Moxie Award in the GovCon category.
Here at TISTA Science and Technology, we value Veterans and encourage all to apply!
#thinktista #tistacares #tistavaluesvets
Employment Transparency:
TISTA is an Equal Opportunity/Affirmative Action Employer and embraces diversity in our employee population. It is the policy of TISTA to provide equal opportunity to all qualified applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or genetic information. TISTA will refrain from discharging, or otherwise discriminating against, employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants.
The EEO is the Law poster is available here, and the poster supplement is availablehere. (https://www.eeoc.gov/employers/upload/poster_screen_reader_optimized.pdf)
The Pay Transparency Policy is availablehere. (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Tista is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation due to a disability for any part of the employment process, please send an e-mail torecruiting@tistatech.comor call (301) 968-3420 and let us know the nature of your request and your contact information.
TISTA is a federal contractor and is subject to the federal contractor COVID requirements under the new FAR/DFARS clauses and must comply with the incorporated Guidance.
If the candidate is hired to perform work on or in connection with one of TISTA’s federal contracts, TISTA is contractually obligated to ask the candidate to verify and show proof of vaccination status and the candidate will be required to comply with mask and social distancing requirements imposed by the FAR/DFARS as well as any additional requirements imposed by TISTA’s customers for any required onsite work.
Job ID2024-5183
Job LocationsUS-Remote-United States