Job Specifications
Hello, (Only Us Citizens with Active Interim / Secret / TS clearance - Please don't apply if you don't have the listed active clearance)
We have an urgent position with a Federal client and are looking for committed professionals for this role. Please let me know if you're interested in the following position and committed for a long engagement please share your desired hourly w2 or salary. Thank you,
Information System Security Officer (2 positions) (5 days onsite) - Lorton, Arlington, VA - Baltimore, MD
Work schedule & hours: Mon-Fri (regular 8hours Shift, starts@ 7am or 11 am)
Clearance: US Citizen (Must have Interim / Secret or TS clearance)
Visa: USC only due to federal requirement
Interview: Webcam / phone
Skills Set: ISSO, CSAM, RMF, NIST 837, POA&M, Cloud Computing / Cloud security (Nessus or Splunk or similar tools, Communication / Radio devices experience is highly desirable)
Must have skills to qualify for this position: 5 to 6 yrs of ISSO experience, Strong CSAM, RMF, NIST, experienced working with Nessus OR Splunk OR Similar dashboard, Cloud services / cloud security experience minimum of 1 year, must have ability to handle reporting and deadlines.
Duties:
Create the Body of Evidence (BOE), Security Control Traceability Matrix (SCTM), and other cyber security program artifacts while working toward RMF - compliant security control inheritance.
Apply knowledge of commercial and classified government cloud environments to strategize and conduct rigorous cyber security assessments on a developmental CI platform-as-a-service.
Support CI assessment and authorization (A&A) events as the senior cyber security expert.
Providing subject matter expertise and consulting on security related matters for enterprise information system and network architectures, access problems, and implementation of security policies and procedures.
Ensuring secure access and protecting against unauthorized access, modification, or destruction of data.
Functional Responsibilities:
The candidate may perform any or all the following:
Oversees and manages day-to-day operation of Information Systems.
Optimizes system operation and resource utilization and performs system capacity planning/analysis while maintaining the security posture.
Performs system security analyses on client networks and systems; provides guidance, training, research, and recommendations on client networks and IS; performs security audits, evaluations, and risk assessments of complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities; conduct security and internal control reviews of sensitive systems.
Conducts specific technical reviews to support non-standard operational requirements and systems; design, develop, and maintain unique security tools and techniques for conducting security assessments; provide advanced technical computer and communications security assistance; provide expert assistance and recommendations in the field of Information Assurance and Cybersecurity.
Conducts security assessments, security authorizations, and evaluations of applications and systems processing sensitive or classified information; develops requirements and specifications for reviewing and approving procurement requests, major systems development activities, telecommunications and teleprocessing hardware and software, and hardware and software encryption techniques on the basis of security concerns; and assesses technology to ensure that security vulnerabilities are identified and remediated.
Develops and maintains IT security documentation, including system security plan, risk assessment, Plan of Action, and Milestones (POA&M), contingency plan, incident response plan, IT security policies and procedures, etc.
Assisting in the identification, implementation, and assessment of common controls.
Assisting in developing and updating the SSP, and coordinating with the Information System Owner, any changes to the information system and assessing the security impact of those changes.
Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package.
Reporting all incidents.
Serving as member of Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented.
Ensuring information system security requirements are addressed during all phases of an information systems lifecycle.
Establishing audit trails, ensuring their review, and making them available (when required)
Retaining audit logs in accordance with DOJ and Component policies; and
Ensuring awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code.
Evaluation of the assigned information systems’ security control compliance with the federal requirements and the client’s monitoring strategy
Management of emerging and defined risks assoc
About the Company
JPI Technology LLC is an IT services, Contracting & Consulting company based out of 9720 CAPITAL COURT, STE 301, Manassas, Virginia, United States.
Our Innovation Centers focus on creating transformative business technologies and processes to benefit our customers by enhancing user experience, creating efficiencies, protecting data and systems, and improving decision making.. JPI growing at the rate of 30-40% is one of the fastest-growing Small Business Enterprise companies in Virginia, USA. JPI's major focus is Cyber Secur...
Know more