Information System Security Officer

February 20

⚔️ Virginia – Remote

Although this job is listed in Virginia, this company may be open to hiring remote in other states.

⏰ Full Time

🟡 Mid-level

🟠 Senior

👮‍♂️ Security Engineer

Apply Now

Receive Emails with Similar Jobs

NexThreat

WebsiteLinkedInAll Job Openings

NexThreat is a global cybersecurity firm that provides comprehensive data management, IT modernization, and cloud migration services. The company specializes in leveraging advanced data analytics, artificial intelligence, and machine learning to enhance cybersecurity measures and enable threat hunters to combat advanced adversaries effectively. NexThreat helps its clients across commercial, government, and defense sectors to reduce false positives, increase operational efficiency, and maintain compliance with the latest regulations. By focusing on intelligence, action, and security operations, NexThreat enhances its customers' cyber-fortitude and helps them achieve mission-critical objectives without compromising their data's confidentiality and integrity.

SIEM • Insider Threat • ArcSight • Splunk • Compliance

11 - 50 employees

🔒 Cybersecurity

🤖 Artificial Intelligence

📋 Compliance

📋 Description

• Job Title: The Information System Security Officer (ISSO) • Location: Alexandria, VA, remote • Job Category: Information Technology • Time Type: Full-time • Clearance Requirement: No clearance required • Employee Type: W2 or 1099 • Citizenship: US Citizen, no Dual Citizenship • NexThreat is seeking an Information System Security Officer (ISSO). The perfect candidate will be responsible for overseeing the security of information systems within the organization. The ISSO ensures compliance with applicable security policies and regulations, including but not limited to the Risk Management Framework (RMF) and various cybersecurity standards. This position demands a proactive approach to risk management and incident response within a cloud computing environment. • Key Responsibilities: • Provide Risk Management Framework (RMF) Support • Maintain and renew existing Impact Level 4 (IL4) cloud ATO. • Update records in the Enterprise Mission Assurance Support Service (eMASS), CWBI Hub, and Confluence to include system management information, security controls, implementation plans, control status continuous assessments, and a continuous monitoring plan. • Analyze Personally Identifiable Information (PII) and Controlled Unclassified Information (CUI) within CWBI and prepare Privacy Impact Assessments and System of Record Notices (SORN). • Maintain and update Record Management Surveys (RMS) and supporting documents. • Coordinate with SCA-V or DoD Continuous Monitoring program for assessments. • Perform post-assessment actions, including creating a Plan of Action and Milestones (POA&M), Security Assessment Reports (SAR), and coordinating finalized authorization decisions with USACE CIO/G-6 and the Authorizing Official. • Facilitate CWBI change management activities utilizing standard DevSecOps solutions. • Track change management items from reception to completion. • Conduct security impact assessments for proposed changes. • Analyze CWBI modules for configuration changes using automated means. • Establish and maintain baseline hardware and software configurations, as well as documentation for ports, protocols, and services management (PPSM). • Update CWBI system documentation in eMASS, Army Portfolio Management Solution (APMS), CWBI Hub, and Confluence as required. • Provide Tier 3 Cyber Security Service Provider (CSSP) Support • Conduct Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), and Army Endpoint Security Solution (AESS) scanning. • Coordinate system access for necessary scans. • Compile and analyze monthly vulnerability reports, categorizing impact levels and assisting CWBI PMO in prioritizing work to mitigate risks. • Provide code vulnerability testing, dynamic code scanning, and cloud storage management services compatible with tools such as Burp Suite, Cloudberry, and ThunderScan, ensuring any licenses are the property of USACE. • Conduct Security Content Automation Protocol (SCAP), Security Technical Implementation Guide (STIG), and Federal Risk and Authorization Management Program (FedRAMP) analyses. • Perform quarterly SCAP and STIG assessments and analyze results for impacts/risks. • Upload results into eMASS and assist CWBI PMO with risk prioritization. • Continuously monitor system security events via logging and monitoring tools. • Process event log notifications and create service tickets for appropriate technical groups. • Track service ticket resolutions until successful completion. • Qualifications • Bachelor's degree in Computer Science, Information Systems, or a related field. • Relevant certifications (e.g., CISSP, CISM, Security+) preferred. • Proven experience in cybersecurity, RMF, or a related field. • Familiarity with cloud security compliance requirements and configurations. • Strong analytical and problem-solving skills.

🎯 Requirements

• Bachelor's degree in Computer Science, Information Systems, or a related field. • Relevant certifications (e.g., CISSP, CISM, Security+) preferred. • Proven experience in cybersecurity, RMF, or a related field. • Familiarity with cloud security compliance requirements and configurations. • Strong analytical and problem-solving skills.