ISSO as a Service Information Assurance Specialist

Federal Working Group • Arlington, VA

Posted 4 days ago

Job Snapshot

Full-Time
Experience - At least 5 year(s)
Degree - 4 Year Degree
Government - Civil Service
Information Technology
Job Description

Clearance Level: Must be able to attain or maintain a SECRET level clearance

Location: Washington, DC

 

OVERVIEW

This position will be part of a team responsible for performing all ISSO duties and responsibilities in accordance with DHS 4300A, DHS ISSO Guide, and NIST guidance.

TYPE OF WORK TO BE PERFORMED

  • ISSOs will provide technical oversight for all USCIS systems. They will remediate enterprise issues such as patch management and vulnerability management, and provide recommendations on them.

  • Support all Security Authorization Process, Security Control Assessment and Ongoing Authorization activities as required and as directed by the Federal Government for assigned systems.

  • Ensure system is properly patched and hardened according to DHS requirements.

  • Conduct research and analysis on anomalies and provide recommendations.

  • Assist ISSOs with issues and concerns related to their assigned systems

  • Provide oversight into all ISSO as a Service responsibilities

  • Perform other duties as assigned by the Government

  • Complete, maintain and/or support the completion and updates of all FISMA required documentation listed in Table 1 of this document by either updating the documents or providing input and reviews for the document updates.

  • Ensuring accuracy of Security Plan information; for example, conducting analyses of any Trusted Internet Connection (TIC) or non-TIC connections to ensure accurate information in the Security Plans.

  • Complete and maintain an up-to-date inventory of all system components for the assigned system.

  • Ensure all FISMA security controls and requirements are met at inception and throughout system development and report on status of all controls for any ATO briefs or POA&M/ATO follow-on briefs.

  • Conduct annual assessments and CP testing as required by DHS, USCIS and ISD.

  • Ensure Rules of Behavior are signed for all system users.

  • Review audit logs on a weekly basis.

  • Ensure a visitor log is being utilized and maintained for access to physical spaces where system components reside and review the visitor logs on at least a monthly basis.

  • Coordinate and facilitate Security Control Assessor (SCA) activities as required and directed by the Federal Government. For example:

    o Ensure all Scanning Authorization letters are signed in a timely manner by appropriate stakeholders

    o Ensure appropriate accounts and access are provided to the SCA team in a timely manner

    o Coordinate and support all Security Assessment interviews as required

  • Coordinate and manage all OA activities for the system, including:

    o Compile, write, update, finalize, produce and support all documents associated with OA – including:

      • Trigger Accountability Log (TRAL)

      • System Enrollment Form (SERF)

      • Review of monthly RMB brief and system associated slides

      • System Accounts Review Log

      • System Audit Log Review Log

      • Control Allocation Table (CAT)

      • Other documents as required by the Government

    o Conduct all testing associated with and as per the schedule listed in the system’s CAT

    o Document in the TRAL all changes to the system that may be considered to have any impact on the security of the system.

    o Attend the monthly board meetings and any other meetings associated with OA as requested.

  • Ensure that risk analyses are completed to determine cost-effective and essential safeguards.

  • Attend security awareness and related training programs and distribute security awareness information to the user community as appropriate.

  • Provide input to appropriate IT security personnel for preparation of reports to higher authorities concerning information systems.

  • Ensure that weaknesses are identified, documented, addressed and remediated through the process of POA&Ms and Waivers.

  • Complete WEAR documentation as required and to meet USCIS, ISD and DHS standards and requirements and ensure they are approved at least 60 days prior to POA&M expiration.

  • Complete a remediation plan for all POA&Ms.

  • Review monthly scan reports and escalate issues to POA&M team so that POA&Ms can be opened as required.

  • Ensure WEAR and other SAP information is created and updated within all DHS and USCIS security information repositories (currently IACS and ECN).

  • Ensure that WEAR documents are created for POA&Ms and approved by ISD no less than 60 days prior to POA&M expiration.

  • Provide code review and approval for any code developed for the system prior to deployment into production.

  • Report IT security incidents (including computer viruses) in accordance with established procedures, including the incident response process and procedures.

  • Report security incidents not involving IT resources to the appropriate security office.

  • Ensure compliance with all legal requirements concerning the use of commercial proprietary software, such as respecting copyrights and obtaining site licenses.

  • Provide Security Incident Management and Security Architecture assistance, including but not limited to development and maintenance of technical and administrative processes, methods, procedures and solutions, as required.

  • Provide Security Authorization document technical support and guidance throughout USCIS, as required.

  • Review, analyze and document scan results in a manner that is compliant with Government requirements and that articulates weaknesses per host and/or for the entire information system.

  • Ensure immediate remediation of critical and high vulnerabilities via Emergency CRs.

  • Ensure moderate and low vulnerabilities are entered as POA&Ms in the DHS Information Assurance Compliance System (IACS).

  • Analyze vulnerability scanning reports and document baseline vulnerabilities against remediated status (pre and post scans required) and coordinate vulnerability remediation efforts.

  • Ensure changes do not detract from the current security configuration or state of the system/environment, and ensure all changes maintain or improve the overall security standing of the system or application undergoing an SCA.

  • Develop and complete all activities and deliverables contained in the USCIS SELC and DHS Sensitive Systems Policy Directive 4300A and DHS AD 102.01. The USCIS SELC is supplemented with information from DHS and USCIS policies and procedures as well as the NIST Special Procedures related to computer security and FISMA compliance.

  • Ensure maintenance of system components is implemented via the Change, Configuration, and Release Management (CCRM) processes and procedures.

  • Complete security questionnaires attached to any USCIS, DHS and OneNet change requests.

  • Review and provide recommendations to Government managers for USCIS, DHS and OneNet change requests that are reviewed at the various boards.

  • Provide gateway support to the USCIS Information Technology Lifecycle Management (ITLM) resources for USCIS information systems.

  • Perform tasks necessary to validate cleared or remediated USCIS system and application POA&M items related to DHS ICCB requirements.

Job Requirements

 

  • Have and maintain at least one active IA Level II or above certification such as but not limited to Security+, CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA.

  • Have at least three (3) years of specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor or Information Systems Security Manager.

  • Have a minimum of three (3) years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools.

  • Have a minimum of three (3) years of experience with leading projects, technical writing, administrative tasks, and conducting briefings.

  • Have advanced Microsoft Excel and Access skills to perform extensive data mining, correlation and reporting.
