Information System Security Officer (ISSO)

Location: Merrifield, VA
Date Posted: 09-07-2017
Lunarline, Inc. is hiring an Information System Security Officer (ISSO) to work on client site in Merrifield, VA. The ISSO will serve as SME to explain vulnerabilities and risk to management and technical resources.
 
Responsibilities will include:
  • Serve as SME to assist in vulnerability remediation and provide written recommendations on how to mitigate risks, ensuring recommendations are in compliance with customer regulations, guidance, and management directives.
  • Investigate identified vulnerability risks and help prioritize vulnerability remediation actions.
  • Assist in compliance efforts (SOX, PCI, FISMA)
  • Complete assigned projects or assignments independently.
  • Communicate goals, build consensus across teams and negotiate remediation efforts and timelines. Assisting with research, documentation, revision, development, evaluation, and implementation of security plans.
  • Providing support to the team lead who works directly with Staff/Program Managers from Corporate Information Security Office (CISO).
  • Researching, developing, implementing and assessing the effectiveness of security policies, procedures, and controls to support customer operations.
  • Assisting with the development of stakeholder communications, e.g., reports, security presentations, executive-level briefings, etc.
  • Collaborating with stakeholders to ensure security issues are addressed correctly.
  • Maintaining relationships among CISO Leadership, Policy and Risk Management, Inspection Service and Postal Service unit managers, security control officers, area security coordinators, and other key deliverable stakeholders.
  • Providing security guidance to internal and external customers.
  • Serving as a liaison between the USPS organizations.
  • Developing measures of effectiveness and measures of performance for the remediation of vulnerabilities


Required Skills:
  • Must be eligible to obtain a sensitive clearance – Position of Public Trust – and may be required to obtain a higher security clearance.
  • 5+ years related experience in security operations and/or vulnerability management.
  • Must be a self-starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Understanding of security standards and concepts and their practical implications on risk.  Knowledge of security concepts, principles, procedures, methods, and practices to include intrusion prevention and detection, risk assessment tools, closed circuit television, and access control.
  • Understanding of vulnerability scanning and penetration testing and their results.
  • Ability to communicate risks and provide guidance for vulnerability remediation
  • Understanding of common regulatory or standards-based control frameworks such as: PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Knowledge of OWASP, SANS Top 20 Critical Security Controls and NIST Vulnerability Database (CVE & CCE)
  • Knowledge of networking protocols: TCP/IP, HTTP/HTTPS, FTP, DNS, etc.
  • Knowledge of Windows and Unix Operating Systems
  • Solid understanding of information, host and network security, common intrusion techniques, and risk management concepts
  • Ability to work within a multi-disciplined team.
  • Proficiency with MS Office Applications.
  • Candidate should also demonstrate attention to detail, have the ability to work independently with minimal supervision and adapt to changes in priorities in a fast-paced environment.
  • Excellent verbal and written communication skills.
  • Excellent interpersonal skills to enable building working relationships.
  • Ability to work in a team environment and work collaboratively across
  • Excellent electronic research skills using search tools, databases, and similar sources to support various customer programs and projects.


Desired Skills:
  • Experience supporting U.S. Government agencies.
  • Ability to assist others in solving problems and work with them to implement the solution.
  • Ability to use interpersonal skills, along with knowledge of the Agency structure and organization, to identify the proper resources to apply to current problems.
  • 2 years of demonstrated experience related to Authorization and Assessment/Certification and Accreditation processes and documentation including Risk Management Framework (RMF) guidelines, directives and security mandates.
  • 3 years of demonstrated experience related to vulnerability notification/identification processes for IAVA, TCNOs, STIGs, etc.


Minimum Education and Certifications
  • Bachelor’s Degree in related field. Two years of relevant work experience may be substituted for each year of degree level education.
  • The following certifications (more than one is preferred): Lunarline, Inc. School of Cyber Security “Certified Expert” certifications, CAP, GSLC, CISM, or CISSP (or Associate)


Place of Performance:
On federal client site in Merrifield, VA
_____________________________________________________________________________________

Disclaimer
  
Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.