Information System Security Officer
Apply NowCompany: ECS
Location: Fairfax, VA 22030
Description:
ECS is seeking an Information System Security Officer to work in our Fairfax, VA office.
ECS is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency's (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. ECS is responsible for designing, building, deploying, operating, and maintaining a complete 'Data Services' solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements.
We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must!
ECS is seeking a talented, diligent, and energetic Information System Security Officer. The ideal candidate will apply their ISSO experience and be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program's technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats.
The ideal candidate will be able to align to the following duties:
ECS is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency's (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. ECS is responsible for designing, building, deploying, operating, and maintaining a complete 'Data Services' solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements.
We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must!
ECS is seeking a talented, diligent, and energetic Information System Security Officer. The ideal candidate will apply their ISSO experience and be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program's technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats.
The ideal candidate will be able to align to the following duties:
- Apply experience of RMF Steps 1 through 4; significant experience producing Information Security documents (System Security Plan, Privacy Assessments - PIA, PTA, Risk Assessment, Incident Response, Disaster Recovery, Interconnection Systems Agreements, BIA, ISA, etc)
- Assist with production-systems data management, analyzing performance, identifying problems, and developing recommendations that support cybersecurity initiatives
- Collaborate with cross functional teams to collect, analyze, and present recommendations regarding security posture, risks, and mitigations in addition to brief technical vulnerabilities and system non-compliance based on Information Security policy
- Develop, revise, and capture system-specific workflows and processes that align with compliance and program governance based on relevant guidelines and regulation
- Evaluate system functions for writing security control language for the satisfaction of an authority to operate
- Document security best practices and standard operating procedures, and collaborate with other teams to support cross cutting processes
- Assess the impact of system vulnerabilities identified manually or by security scans, and provide courses of action recommendations and remediation support
- Maintain system security awareness through regular monitoring and alerting
- Maintain accuracy of all security documents necessary for compliance throughout the system's lifetime
- Document and track POA&Ms from creation to completion
- Create and maintain dashboards to inform cyber risk posture
- US citizenship with ability to obtain Public Trust Suitability
- Bachelor's degree or 5 years of relevant experience
- 3+ year's operating in the Federal cyber security domain spanning governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security / secure architecture, and security operations
- 3+ years' experience reviewing and/or configuring AWS Organizations, CloudFormation, and/or Terraform Infrastructure as Code
- 3+ years of infrastructure and network security experience
- 3+ years implementing NIST RMF and writing security control responses across all control families
- 3+ years delivering Federal cybersecurity reporting and compliance requirements
- 3+ years evaluating system security posture from the application level to underlying infrastructure
- 1+ year supporting systems deployed in cloud hosting environments
- 1+ year experience communicating security concepts, governing policy, and compliance with both technical and non-technical personnel in oral and written mediums