What are the responsibilities and job description for the ISSO position at Octo?
You…
As the Information System Security Officer (ISSO) at Octo, you will be responsible for ensuring that the appropriate operational security posture is maintained for each assigned information system or product. The ISSO is responsible for the day-to-day implementation, oversight, and maintenance of the security configuration, practices, and procedures for each product under the ISSO's purview in accordance with the client’s policies and guidelines. This role is also responsible for managing the other ISSOs on the program.
Us…
We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking, agile design principles and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our client’s missions.
Program Mission…
This program will support the agency’s Information Technology mission to provide development and operational support of mission-enabling applications. The team will work to enhance and modernize current applications leveraging a continuous integration / continuous delivery pipeline to enable an agile DevOps Strategy.
Requirements…
- Serve as the overseeing ISSO who is responsible for maintaining the security of a dedicated portfolio of government systems
- Interface directly with the government agency’s security officers and technical leads to provide portfolio-wide security updates
- Manage security planning/documentation (e.g. SSP, ATO, Security Statements, etc.)
- Security monitoring and evaluation, including audits, assessment, and risk management
- Security awareness and training, and security incident reporting and response management (e.g. POA&Ms, etc.)
- Active collaboration with technical leads, developers, and the client to ensure complete security of the product
- Review security artifacts to ensure compliance with NIST controls
- Review system security audit logs, and utilize network scanning software to monitor network activities for possible compromise and take corrective action as needed
- Ensure all IS security related documentation is current and accessible to properly authorized individuals
- Conduct periodic review of information systems to ensure compliance with the security authorization package
Desired Skills…
- Current certification exemplifying skill sets such as those identified in DoD Manual 8570.01-M for IAM level III proficiency (e.g. International Information Systems Security Certification Consortium (ISC²) Certified Information Systems Security Professional (CISSP), the Global Information Assurance Certification (GIAC) [SANS] Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP))
- Experience validating work products against the National Institute of Standards and Technology (NIST) Security Controls
- 5 years hands-on experience obtaining and maintaining security accreditation for Linux-based software systems and capabilities, including documenting and reviewing Security Controls and Test Plans, and using the Archer cyber risk management tool
- Understanding of Risk Management Framework (RMF) and IC Authority to Operate (ATO) and Interim Authority to Test (IATT) processes
- Demonstrated understanding and commitment to modern Continuous ATO processes (desired)
- Advanced organizational skills with the ability to handle multiple assignments
- Strong written and oral communication skills
- Strong critical thinking skills with an inquiring mind / inquisitive nature
- Microsoft Office proficiency
- Experience working in an Agile environment, a plus
- Technical and professional writing expertise; experience with MS Office products
Years of Experience: 10 years related experience.
Location: Remote
Security Clearance: The ability to obtain and maintain a government Public Trust clearance is required
Salary: $102,000 - $129,000