Website Authenta Tech Solutions
Powered by Innovation. Driven by Security. Designed for Tomorrow.
Authenta Tech Solutions – a Cybersecurity and IT-based consulting firm that specializes in providing security solutions to federal, state, local, and commercial customers nationwide – is hiring a full-time ISSO.
Authenta Tech Solutions is a certified woman-owned, small business that provides full-scope cyber security solutions customized to your organization. With a team of highly trained IT professionals, we hold major industry standard certifications and designations to match our many years of experience. Providing top-quality service is important to us and we prioritize you always. We are on the frontier of using cybersecurity technologies to secure mission platforms and with your organization’s information security and compliance in mind, we utilize our customized processes to align your business operations and governance processes. Our goal is to ensure that your organization’s information system is secure, is compliant with regulatory standards and stays compliant.
Seeking an Information System Security Officer (ISSO) to join our team of Cross Functional Cyber Security specialists providing RMF, Security Authorization, Controls Assessment, Change Management, Continuous Monitoring, Vulnerability Management, and Incident Response for our federal client. The ISSO will work alongside individuals of varying specialties in Security Engineering, Compliance, and Analysis.
The ISSO will support all Risk Management Framework (RMF) activities including the process managing security and privacy risk, including information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. The ISSO supports the security activities associated with evaluating, implementing, managing security practices and continued operations of new and existing technologies across the Enterprise. The ISSO will provide oversight into all program responsibilities as required and will support both but Unclassified (SBU) and For Official Use Only (FOUO) systems. The ISSO will perform all duties and responsibilities in accordance with DHS 4300A, DHS ISSO Guide, and other applicable guidance.
- Risk Management Framework (RMF) Activities: Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.
- Security Authorization Documentation: Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), and Contingency Plan Test (CPT), Interconnection Security Agreement (ISAs) and Memorandum of Agreement/Understanding (MOA/Us) and any other FISMA related security documentation.
- Security Control Assessment Response: Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the SCA team.
- Change Management: Review all change requests for potential impact to the system security posture.
- Continuous Monitoring: Conduct audit log and account management reviews and update the Control Allocation Table and Trigger Accountability Log.
- Configuration/Patch/Vulnerability Management: Review scan results for the system assets, identify the respective remediation’s for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fix.
- Incident Response: Work with the Security Operations Center (SOC) and system teams to investigate and analyze any incidents affecting assigned system(s).
- Apply a comprehensive knowledge across key tasks and high impact assignments
- Evaluate performance results and recommend major changes affecting short-term project growth and success
- Function as a technical expert across multiple project assignments
- Work on high priority ad-hoc request such as data calls, Senior Management Initiatives (CIO, CISO, etc.), DHS/USCIS mandates, etc.
- Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization
- Develop briefings and presentations for Government PM and Executive Management
- Ability to adapt to an agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government
- Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government
- Ensure systems are properly patched and hardened according to DHS requirements
- Assist with issues and concerns related to their assigned systems
- Perform other duties as assigned by the Government
- Conduct research and analysis on abnormalities and provide recommendations
- Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats, and risks in emerging IT projects, and develop technical in-depth engineering solutions to address and mitigate these risks
- Provide technical security solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements
- Provide, prepare, and conduct security training, as needed
- Apply and analyze privacy laws, administrative laws, regulations, and policies surrounding the Privacy Act of 1974, the E-Government Act of 2002, or the Homeland Security Act of 2002
- Serving as a subject matter expert on controls standards such as NIST 800-53, 800-37, 800-66, and 800-171 as well as other privacy regulations
- Work on the automation, monitoring and auditing of privacy controls for each USCIS system
- Support security and privacy requirements for internal and external system connections
- Support proposed collection, sharing, and maintenance of PII through privacy compliance documentation
- Perform comprehensive document reviews (DR) on all risk management and security operations documentation, in alignment with DHS, USCIS and FISMA requirements
- Conduct quality assurance checks to ensure that the finished documentation meets DHS, USCIS, and FISMA requirements
- Implement a two (2) day turn around for the following artifacts: FIPS 199, E-Authentication Workbook, PTA, PIA, CP, CPT and a five (5) day turn around for the review of the Security Plan (SP).
- Establish a mailbox and report tracking mechanism to ensure that the federal staff knows the status of all documents that are in the review process at all times by running a simple report.
- Revise, edit, or update security authorization documentation and presentations
- Create, adapt, and follow project schedules and deadlines
- Develop a thorough understanding of the audience and the documentation required by meeting with colleagues, and working with managers to discuss technical problems
- Research and build knowledge about products, services, technology, or concepts
- Determine the clearest and most logical way to present information and instructions for greatest reader comprehension, and write and edit technical information accordingly
- Prepare or commission graphics and illustrations to elaborate on or complement technical writing
- Meet with SMEs to ensure that specialized topics are appropriately addressed and discussed
- Perform other duties as assigned by the Government
- Must reside within a commutable distance to Camp Springs, MD to work onsite at least 2 days/week when the customer site reopens
- Must be a US Citizen able to obtain a Federal agency-specific clearance prior to starting
- Must have and maintain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification which must be approved in advance by the client
Education/Years of Experience:
- Bachelor’s Degree
- 3+ years of specialized experience in one of the following positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor, or Information Systems Security Manager
- 3+ years of experience with analyzing, assessing, and implementing corrective actions based on vulnerability management tools
- 3+ years of experience with leading projects, technical writing, administrative tasks, and conducting briefings.
- Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
- Experience working with NIST SP 800-53, RMF, FISMA, DHS and Department of Defense (DoD) policies
- A deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents
AUTHENTA TECH SOLUTIONS COMPANY BENEFITS
- Health insurance.
- Dental insurance.
- 11 days of personal leave plus paid federal holidays.
- Professional development and training assistance.
Authenta Tech Solutions, LLC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.