Strategic Information Technology Advisor ISSO – II

Location: 700 Army Navy Drive, Arlington, VA

However, can move between Sterling, Arlington, Lorton, & remote

3 days onsite and 2 days remote

Clearance: Secret or Top Secret

Salary: 145k - 150k w2

Rate: 70/hr to $75/hr 1099

Description:
The ISSO is the component official assigned by the Authorizing Official or other senior management for ensuring the appropriate operational security posture is maintained for an information system or program. The ISSO also serves as the principal advisor to the Authorizing Official and Information System Owner on all matters (technical and otherwise) involving the security of the information system.

The Forensics Information Systems Security Officer (ISSO) will work with government and industry customers to provide cyber security expertise endpoints.

The Forensics Information System Security Officer (ISSO) is responsible for providing Incident Response and Forensic (IRF) Trusted Advisor services for the Office of Forensic Science. Key services include Cybersecurity Incident and Breach Response, forensic analysis of compromised assets, malware reverse engineering, and ultimately identification and remediation of compromised assets.

Duties:

• Collaborates with and provides consulting services to clients in a trusted advisor role.
• Works independently on complex projects or works in a team as a project leader.
• Provides advisory assessments in relation to cybersecurity breach prevention.
• Conducts gap assessments and provides actionable recommendations to remediate shortcomings.
• Documents findings and recommendations in Remediation Roadmaps.
• Provide Collection of Electronic Data (CED) support in accordance with Agency policies and procedures.
• Assist the Government in response to agency-wide and/or significant cyber incidents and providing oversight for this service.
• Collaborate and coordinate with other organizations, Cybersecurity Services Section, Network Operations Center (NOC), system administrators and ISSOs, as needed in support of all service activities.
• Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
• Develop and maintain collection processes to identify, label, and acquire data from all available sources and maintain data integrity and a clear a chain of custody.
• Develop and maintain examination procedures to forensically process collected data and preserve data integrity.
• Develop and maintain procedures to analyze the results of the examination process, using industry best practices, to derive answers to the cyber investigations information they provide.
• Develop and maintain a process to report the results of the cyber forensic analysis to include actions, tools used, remediation recommendations, and outcomes.
• Prepares and presents reports of findings, provides expert testimony, and performs a variety of crime laboratory duties.
• Conducts thorough examinations of computer hard disk drives, and other electronic data storage media.
• Preserves and copies the original media.
• Prevents the transference of viruses, destructive programs, and inadvertent writes to and from the original media.
• Restores recoverable deleted files.
• Accesses password-protected and secured files.
• Uses forensic software applications to analyze electronic media.
• Examines the contents of a computer's CMOS.
• Examines boot record data, system configuration, and operation command files.
• Verifies the correctness of the computer's internal clock.
• Physically disassembles and examines computers and related hardware components.
• Identifies evidence of computer crimes such as the theft and sabotage of data; unlawful access of data and systems; fraudulent use of bank, credit, and telecommunications accounts; and the trafficking of pornography.
• Examines and analyzes text, graphics, multimedia, and digital images.
• Labels and secures evidence.
• Prepares and presents reports of examinations and findings.
• Works with prosecutors and others to prepare cases for trial.
• Provides expert opinion testimony in courts.
• Trains and instructs other employees.
• Provides advice and guidance regarding computer crimes.
• Create the Body of Evidence (BOE), Security Control Traceability Matrix (SCTM), and other cyber security program artifacts while working toward RMF-compliant security control inheritance
• Apply knowledge of commercial and classified government cloud environments to strategize and conduct rigorous cyber security assessments on a developmental CI platform-as-a-service
• Support CI assessment and authorization (A&A) events as the senior cyber security expert
• Providing subject matter expertise and consulting on security related matters for enterprise information system and network architectures, access problems, and implementation of security policies and procedures.
• Ensuring secure access and protecting against unauthorized access, modification, or destruction of data.
• Demonstrating a familiarity with a variety of security concepts, practices, and procedures.
• Performing a variety of tasks and working under general supervision.

Functional Responsibilities:
The candidate may perform any or all the following:

• Oversees and manages day-to-day operation of Information Systems.
• Optimizes system operation and resource utilization and performs system capacity planning/analysis while maintaining the security posture.
• Performs system security analyses on client networks and systems; provides guidance, training, research, and recommendations on client networks and IS; performs security audits, evaluations, and risk assessments of complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities; conduct security and internal control reviews of sensitive systems.

• Conducts specific technical reviews to support non-standard operational requirements and systems; design, develop, and maintain unique security tools and techniques for conducting security assessments; provide advanced technical computer and communications security assistance; provide expert assistance and recommendations in the field of Information Assurance and Cybersecurity.
• Conducts security assessments, security authorizations, and evaluations of applications and systems processing sensitive or classified information; develops requirements and specifications for reviewing and approving procurement requests, major systems development activities, telecommunications and teleprocessing hardware and software, and hardware and software encryption techniques on the basis of security concerns; and assesses technology to ensure that security vulnerabilities are identified and remediated.
• Develops and maintains IT security documentation, including system security plan, risk assessment, Plan of Action, and Milestones (POA&M), contingency plan, incident response plan, IT security policies and procedures, etc.

·Assisting in the identification, implementation, and assessment of the common controls.

·Assisting in developing and updating the SSP, and coordinating with the Information System Owner, any changes to the information system and assessing the security impact of those changes.

·Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package.

·Reporting all incidents.

·Monitoring system recovery processes and ensuring the proper restoration of information system security features.

·Performing annual assessments, at a minimum, on an annual basis to ensure compliance with DEA policy and standards.

·Serving as member of Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented.

·Ensuring information system security requirements are addressed during all phases of an information systems lifecycle.

·Establishing audit trails, ensuring their review, and making them available (when required)

·Retaining audit logs in accordance with DOJ and Component policies; and

·Ensuring awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code.

· Evaluation of the assigned information systems’ security control compliance with the federal requirements and the client’s monitoring strategy

· Management of emerging and defined risks associated with the administration and use of assigned information systems

· Coordination with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO)

· Generate and interpret documentation needed to address the items detailed within the CSAM

· Work within a team environment to provide technically sound guidance order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy

· Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required

· Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s information system monitoring strategy

·Support the integration/testing, operations, and maintenance of systems security

·Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions

·Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures

· Coordination with the TC Cybersecurity Services Section to achieve and maintain the information systems’ compliance and authorization to operate (ATO)

Required Qualifications:

·Master’s degree from an accredited college or university or equivalent (documented formal training) in Information Technology, and eight (8) years overall experience with a minimum of five (5) years of documented relevant work experience performing any combination of Information SPAA, cybersecurity, system administration, or engineering.

o Education Substitution

§ Any combination of certificates such as Microsoft’s MCSE, or Cisco’s CISM, CISA, CSSP, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience / information technology experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II or III may be considered equivalent to two (2) years of information security experience.

·Secret clearance: must be eligible for a Top-Secret clearance, if requested.

·Minimum of five (5) years of relevant experience as ISSO, security analyst, or security engineer. Familiarity with program security responsibilities to include, but not limited to the NIST RMF, audit log reviews, system monitoring, SPAA processes, FISMA requirements, vulnerability & compliance scanning, continuous monitoring activities, security testing and evaluation, and security policies.

Preferred Qualifications:

· GIAC Certified Forensic Examiner (GCFE)

· GIAC Battlefield Forensics & Acquisition (GBFA)

· GIAC iOS and MacOS Examiner (GIME

· GIAC Advanced Smartphone Forensics (GASF)

· CHFI: Computer Hacking Forensic Investigator

· CFCE: Certified Forensic Computer Examiner

· CSFA: Cyber Security Forensic Analyst

· Must have a minimum of Secret Clearance

Job Type: Full-time

Pay: $145,000.00 - $155,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Paid time off
• Vision insurance

Schedule:

• 8 hour shift
• Monday to Friday

Ability to commute/relocate:

• Arlington, VA 22202: Reliably commute or planning to relocate before starting work (Required)

License/Certification:

• MCSE or CISM or CISA or CSSP or CCDA or CCNP (Preferred)
• Certified Information Systems Auditor (Preferred)

Work Location: Hybrid remote in Arlington, VA 22202