Job Details

Information System Security Officer

Location: Washington, DC | Duration: 12 months | Hybrid

Day-to-day Responsibilities:

• Conduct continuous monitoring activities, including maintenance of current ATO, system self-assessments, and review of vulnerability and compliance reports.
• Ensure stakeholders perform system log reviews as defined in the SSP and review IT system user accounts for accuracy.
• Collaborate with technical teams to mitigate security control deficiencies and vulnerabilities.
• Assess cybersecurity impact of changes to IT systems, document findings, and brief stakeholders.
• Conduct self-assessments of security controls, identify weaknesses, and track remediation activities in POA&M.
• Manage POA&M process for timely detection and alerting of non-compliance issues.
• Provide system access, information, and documentation to security assessment and audit teams.

• Risk Management Framework (RMF)
• System Security Plan (SSP)
• Plan of Action and Milestones (POA&M)
• Authorization to Operate (ATO)
• Security Impact Analysis (SIA)
• Information Sensitivity Security Assessment
• Information Technology Risk Acceptances
• Configuration Management Plan
• Supply Chain Risk Management Plan
• Interconnection Security Agreements
• Memorandums of Understanding
• Information Data Exchange Agreements
• Vulnerability Reports

• Experience with RMF, SSP, POA&M, ATO, and SIA
• Knowledge of Configuration Management Plan and Supply Chain Risk Management Plan
• Understanding of Interconnection Security Agreements and Memorandums of Understanding

• Cybersecurity Staff Augmentation

• Bachelor's Degree, preferably in Computer Science, Information Technology, or Cybersecurity