Currently we are hiring

ISSR / Information Systems Security Representative (Top Secret)

Location: 375 E Street SW, Washington, DC 20472

Clearance: Active Top Secret clearance, periodic review (PR) performed within the past three years, SCI eligibility

Certifications: CISSP (required) and CISM or GSLC; or, ability to obtain CISM or GSLC within 6 months of hire


Job Summary:

Our task order provides on-site technical and administrative Security Assessment and Authorization (A&A) and Continuous Monitoring (CM) support for the client enterprise-wide. The Information Systems Security Engineer (ISSR) implements security control assessment principles to review security requirements, verify implementation, and provide mitigation recommendations throughout the Information Systems’ life cycle to facilitate secure systems for A&A and Continuous Monitoring support.

Responsibilities:


• Serve as the Information Assurance Section subject matter expert for the A&A and Continuous Monitoring processes

• Provide security requirements analysis of Information Systems (IS) architectures and designs

• Possess a strong understanding of IS security controls/requirements, provide guidance to the System Owners and System Teams, and recommend implementation strategies

• Identify IS vulnerabilities and recommend mitigation alternatives for POA&M items

• Review IS security test results to identify weaknesses, technical flaws, and vulnerabilities 

• Recommend technical process improvements for the A&A process

Experience:


• 5 - 6 years of IA and InfoSec experience, which includes developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability scanning, and/or vulnerability management plans

• Five (5) or more years of security control assessment experience, which includes systems A&A principles, requirements analysis, system development (software and hardware); network security architecture concepts (topology, protocols, components); and/or IT security principles and methods (firewalls, demilitarized zones, encryption)

Qualifications:

• Experience with FISMA and RMF/A&A processes

• Experience with NIST SP (800-27, 30, 37, 53, 60, 137, 144, 145), FIPS (199, 200), and CNSSI 1253

• Experience with STIG and SCAP 

• Understanding of the System Development Lifecycle

• Understanding of network access, identity and access management 

• Strong analytical, communication, problem solving and leadership skills

• Ability to perform in a fast-paced environment with frequent change


Additional Skills/Experiences that are desirable but not required for the position:

• Government consulting experience

• CISSP-ISSEP, CCSP, GCIA, CEH, GPEN, OSCP or other related certifications

• Knowledge of CSA guidance

• Experience with VMware

• Experience with cloud automation tools 

• Bachelor’s or Master’s degree in a related field


Education:

• Bachelor’s or Master’s degree in a related field

ISSE / Information Systems Security Engineer (Top Secret)

Location: 375 E Street SW, Washington, DC 20472

Clearance: Active Top Secret clearance, periodic review (PR) performed within the past three years, SCI eligibility

CISSP and CISM or GSLC; or ability to obtain CISM or GSLC within 6 months of hire


Our task order provides on-site enterprise-wide technical and administrative Security Assessment and Authorization (A&A) and Continuous Monitoring (CM) support. The Information Systems Security Engineer (ISSE-Security Analyst) uses her/his expertise to perform scans in support of the risk mitigation efforts of the broader ISSO team to achieve Authority to Operate status for client systems and applications.


• Perform scans and analysis of security center logs, coordinate with the security personnel, and recommend mitigation strategies.

• Perform and review technical security assessments of computing environments to identify points of vulnerability and non-compliance with established information assurance (IA) standards and regulations.

• Validate and verify system security requirements definitions and analyze and establish system security designs

• Develop, implement, and document formal security programs and policies throughout the program and monitor compliance with these policies and programs.

• Manage and maintain a library of security audit tools and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues.

• Perform and maintain Tenable security center scans and create reports

• Perform analysis of Sourcefire IDS

• Perform analysis of McAfee DLP 

• Perform analysis of the Microsoft EndPoint

• Perform analysis of the Insider Threat using MySQL-Linux


• 5 - 7 years of IA and InfoSec experience, which includes developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans

• Strong background in the use of various scanning tools

• Experience with FISMA and RMF/A&A processes

• Experience with NIST Special Publications, i.e., 800-27, 30, 37, 53, 60

• Experience with incident response plans, plan of actions and milestones, risk management plans, vulnerability scanning, and/or vulnerability management plans

• Experience with STIG and SCAP, Sourcefire IDS, McAfee DLP, Microsoft EndPoint

• Strong analytical, communication, problem solving and interpersonal skills

• Ability to perform in a fast-paced environment with frequent change

• Knowledge of systems engineering principles, requirements analysis, system development (software and hardware); network security architecture concepts (topology, protocols, components); and/or IT security principles and methods (firewalls, demilitarized zones)

• Government consulting experience

• Knowledge of CSA guidance

• Experience with VMware

Bachelor’s or Master’s degree in a related field.


ISSO / Information Systems Security Officer (Top Secret)

Location: 935 Pennsylvania Avenue NW, Washington, DC

Clearance: Active Top Secret clearance, and SCI capable

CISSP, CISM, GISP, CASP, or other certifications exemplifying DoD 8570.1 IAM level III proficiency

The Information Systems Security Officer (ISSO) ensures that the appropriate operational security posture is maintained for each assigned Information System (IS) under his/her purview and works in close collaboration with the Information Systems Security Manager (ISSM), the Information System Owner (ISO), and other IS Stakeholders. The ISSO ensures that cyber security requirements are effectively integrated into the IS operations, management, and documentation. The ISSO provides critical systems, application and infrastructure support to our Customer. The ISSO works with a Team of ISSOs across multiple technical areas, on various system classification types and categorizations, and also collaborates with a diverse group of security professionals and works in close coordination with all system stakeholders.

• Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system). 

• Develop or modify implementation and design documents describing how security features are implemented. 

• Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others)

• Identify deficiencies and provide recommendations for solutions. 

• Track findings with Plan of Action and Milestones (POA&Ms) through mitigation and/or risk acceptance.

• Be responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness, and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures.

• Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter. 

• Create security policies and maintain existing information system security documentation. 

• Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package. 

• Work with the Information Assurance (IA) team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities. 

• Participate in the change management process, including reviewing Requests for Change (RFC) and assisting in the assessment of a potential change's security impact.

• Conduct daily, weekly and monthly audit review and management of the audit collection system. 

• Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program. 

• Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, assessing applicability to existing systems, and ensuring closure.

• Provide direction and guidance to less experienced IA personnel. 

• Remain sensitive to security infractions and assist in security investigations and responses as requested. Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage.

• Provide security requirements analysis of cloud architectures and designs.

• Identify technical gaps and provide solution recommendations for cloud services acquisition, development, migration, implementation, and monitoring.

• Explain cloud security controls/requirements and guidance to the System Owners and System Teams and recommend implementation strategies.

• Identify cloud vulnerabilities and recommend mitigation alternatives for POA&M items.

• Review cloud security test results to identify weaknesses, technical flaws, and vulnerabilities. 

• Review cloud SLAs for compliance to requirements.


• Requires eight (8) or more years of experience with BS/BA (or 5 - 8 years of professional experience with MS/MA)

• Requires a minimum of ten (10) years of work experience in computer science or cyber security-related field.

• Strong background and extensive experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices, particularly within the Department of Justice. 

• Extensive background with DITSCAP/DIACAP may be substituted in some cases.

• Familiarity with the use and operation of tools such as Tenable's Nessus and/or Security Center, IBM Guardium, HP WebInspect, AppDetect, Network Mapper (NMAP), or like applications

• Knowledge and experience with security efforts related to Windows, Linux, Solaris, VMWare, Cisco, Juniper, SQL, and Oracle.

• Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end-point protection

• Cloud technologies such as AWS, Microsoft Azure and Google Cloud



• Bachelor's or advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.