Published: May 6, 2022
Overview

VariQ has an incredible opportunity for a high-performing Sr. ISSO to join our team, supporting the FBI either in Washington, DC or Quantico, VA. The Federal Bureau of Investigation (FBI) is a mission-critical, premier Law Enforcement Agency of the United States as well as a critical component of the Intelligence Community. The FBI relies on classified and unclassified information and information systems to perform its mission, so the confidentiality, integrity, and availability of these information assets are paramount to its success. The FBI requires support from an Information Systems Security Officer (ISSO) to provide governance, risk, and compliance services for assigned information assets for its discreet Program Offices to meet requirements from the White House, FISMA, Privacy Act of 1974, OMB, Department of Justice, NIST, Committee on National Security Systems, the Director of National Intelligence, and others.

Additional information

- Available: ASAP
- Security Clearance: active Top Secret, able to obtain SCI w/ CI polygraph
- Salary: competitive market rate
- Location: Onsite in Washington, DC or Quantico, VA

Responsibilities/Duties

- Conduct required vulnerability scans according to risk assessment parameters
- Perform all governance, risk, and compliance activities for assigned systems, serving as the appointed Information Systems Security Officer (ISSO)
- Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
- Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of POAMs
- Coordinate system owner concurrence for correction or mitigation actions
- Monitor security controls for ISs to maintain security Authorized to Operate (ATO)
- Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
- Ensuring that day-to-day security is maintained for assigned information systems
- Ensuring all Information Systems (ISs) are operated, maintained, and disposed of in accordance with security policies and practices outlined in the FBI's Information System Security Assessment (ISSA) Handbook and NIST publication series NIST 800-53
- Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS
- Initiate protective and corrective measures when a security incident or vulnerability is discovered
- Monitor system recovery processes and ensure the proper restoration of an IS's security features
- Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
- Support certification activities throughout the ISSA process (previously known as Certification and Accreditation process)
- Ensure that system security requirements are complied with, unless waived, during all phases of the system lifecycles
- Establish audit trails and ensure their review, and make them available, when required, to the Chief Security Officer (CSO) or the Information System Security Manager (ISSM)
- Retain audit logs in accordance with Department of Justice (DOJ), Office of Director of National Intelligence (ODNI) and/or FBI policy
- Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
- Ensure general users and privileged users are trained in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
- Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators.
- Develop, implement, and enforce information systems security policies
- Maintain System Security Plans (SSPs) and all other system security documentation
- Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP)
- Support risk assessment and evaluation activities throughout the Certification and Accreditation (C&A) or site accreditation process
- Able to implement and maintain continuous monitoring
- Establish audit trails, ensuring their review and reporting all identified security findings
- Other duties as assigned

Qualifications

Candidate Thresholds

|Element|Requirement|Preference|
|Security Clearance|Active TOP SECRET, able to obtain SCI w/ CI polygraph|Active TS/SCI, able to pass CI polygraph|
|Technical Certification|CISSP|CISSP|
|Degree|High school diploma|Bachelor's|
|7 Yrs. as ISSO or ISSM in classified environment|7 years|8+ years|
|9 yrs. of work experience in computer science or Cybersecurity field|9 years|10+ years|
|Active certification as CISSP (or Associate), CISM, GSLC, CCISO, CASP, or CAP|CISSP (or Associate), CISM, GSLC, CCISO, CASP, or CAP|CISSP (or Associate), CISM, or GSLC|
|Experience running network, host, database vulnerability scans and dynamic application security testing using tools|Experience with Tenable Nessus or Security Center, IBM Guardium, HP WebInspect, NMAP, and/or similar applications|Experience with Tenable Nessus or Security Center, IBM Guardium, HP WebInspect, and NMAP|

Experience and Competencies

- Work in Federal security environment, Intelligence Community preferred
- Expertise with FISMA, OMB Cybersecurity Directives, and NIST 800-37, NIST 800-53
- Develop and maintain System Security Plans using NIST SP 800-53, Rev. 4 and Rev. 5, Committee on National Security Systems Instruction 1253, Intelligence Community Directive (ICD) 503
- NIST Risk Management Framework (RMF) Assessment & Authorization (SA&A or A&A) process
- Experience working in classified environment
- Managed remediation efforts
- Analyzed vulnerability reports and created POAMs
- Quarterly FISMA reports
- Security Control Assessment (SCA) planning and development

Pluses that Differentiate Candidates

- Current TS/SCI eligibility
- FBI experience

Necessary Qualifications

- At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility
- Minimum of 9 years of work experience in a computer science or Cybersecurity related field
- Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
- Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, NMAP, and/or similar applications

OTHER DUTIES

This job description is not designed to cover a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities are subject to change at any time. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.

PHYSICAL DEMANDS AND WORK ENVIRONMENT

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform these functions.
While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk, sit, and reach with hands and arms. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

NOTE: All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the employee will possess the skills, aptitudes, and abilities to perform each duty proficiently. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

We require all newly hired employees in the United States to be fully vaccinated for Covid-19 (or have an approved accommodation) by January 4, 2022.

VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other protected class. We consider diversity and inclusiveness to be core to our culture, and central to our commitment to fostering an empowering and supportive workplace.

About VariQ

VariQ was founded in 2003. Its consistent record of excellent performances and client relationships has driven its growth as one of America's fastest-growing privately-held businesses. From a ranking of 834 in the 5000 fastest growing privately held firms in the US in 2010, VariQ is now ranked 467.
With core competencies in IT Security, IT Infrastructure, and Program and Project Management, VariQ integrates and manages complex solutions while leveraging secure methodologies. The company provides services for over a dozen clients in Federal, State, and Local Government, and in commercial markets. VariQ is accredited at CMMI Maturity Level 2 and is certified to ISO 9001:2008. Visit our Careers section at www.variq.com for a complete list of current job openings.