Jobs · Information Technology · Virginia

Senior Information System Security Officer

B/CORE · McLean, VA · 1 wk ago
Information Technology$210k–$235k/yrFull-time

About the role

Join our growing team supporting customer missions as a Senior Information System Security Officer in Tysons, Virginia. Members of the ISSO team support the assessment and authorization (A&A) process for information systems.

Responsibilities

  • Support the assessment and authorization (A&A) process for information systems.
  • Identify risks, vulnerabilities, anomalies, patching, auditing, automation, security hardening, best practices, and evaluate system changes.
  • Collaborate with developers and engineers on projects to create a secure hybrid-cloud environment.

Requirements

  • Minimum of 10+ years applied experience or relevant degree plus 5 years of cybersecurity expertise with demonstrated ability to successfully shepherd IT projects of varying types through the authorization lifecycle.
  • Strong verbal and written communication/cooperation within a team context.
  • Supported control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems.
  • Demonstrated essential understanding of methods for hardening operating systems (e.g., CentOS, RedHat, Windows).
  • Skilled with and/or demonstrated technical aptitude with vulnerability and risk assessment tools such as Elasticsearch or Splunk SIEMs, Rapid7 Nexpose, and IDS/IPS monitoring and alerting.
  • Strong understanding of methodologies for researching and documenting software and hardware vulnerabilities.
  • Experienced working closely with stakeholders, developers, and external teams, including customer security managers (ISSMs), organizational leadership, and key personnel.
  • Applied experience with the customer’s assessment and authorization tracking tools.
  • Knowledgeable regarding Common Control Provider (CCP) requirements and methodology.
  • Demonstrated knowledge and experience with networking topologies and hardware, including commonly used/referenced network devices, IDS and IPS, etc.
  • Applied experience with open-source and commercial tools and systems such as nmap, Nessus, Rapid7, Splunk, Nipper, Elasticsearch, Jira, Confluence, Cisco, VMware, Citrix, or Trellix, as well as GOTS tools used by the customer.
  • Demonstrated experience with the design and implementation of defense-in-depth solutions.
  • Skilled in cross-team collaboration and effective communication to fulfill specific authorization requirements.
  • Demonstrated skill documenting processes and procedures in CONOPS and system security, contingency, configuration management and other plans.
  • Demonstrated ability to facilitate customer concurrences required for risk-based decisions, especially those requiring waivers.
  • Experience assisting the customer with decisions impacting the security posture and compliance of their systems and networks with requirements as documented in NIST 800-53 and its revisions.
  • Extensive familiarity with communications protocols, such as TCP/IP, UDP, HTTP/S, SSH, LDAP, etc.
  • Demonstrated experience with security, monitoring and auditing cloud-based technologies, products and services, such as Amazon Web Services (AWS) or Microsoft Azure.
  • Knowledge of the customer's organization, their network systems and infrastructure, processes and procedures, and request and approval tools.
  • Ability to work within fast-paced customer environments.

Qualifications

Required Qualifications:

  • Minimum of 10+ years applied experience or relevant degree plus 5 years of cybersecurity expertise with demonstrated ability to successfully shepherd IT projects of varying types through the authorization lifecycle.
  • Strong verbal and written communication/cooperation within a team context.
  • Supported control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems.
  • Demonstrated essential understanding of methods for hardening operating systems (e.g., CentOS, RedHat, Windows).
  • Skilled with and/or demonstrated technical aptitude with vulnerability and risk assessment tools such as Elasticsearch or Splunk SIEMs, Rapid7 Nexpose, and IDS/IPS monitoring and alerting.
  • Strong understanding of methodologies for researching and documenting software and hardware vulnerabilities.
  • Experienced working closely with stakeholders, developers, and external teams, including customer security managers (ISSMs), organizational leadership, and key personnel.
  • Applied experience with the customer’s assessment and authorization tracking tools.
  • Knowledgeable regarding Common Control Provider (CCP) requirements and methodology.
  • Demonstrated knowledge and experience with networking topologies and hardware, including commonly used/referenced network devices, IDS and IPS, etc.
  • Applied experience with open-source and commercial tools and systems such as nmap, Nessus, Rapid7, Splunk, Nipper, Elasticsearch, Jira, Confluence, Cisco, VMware, Citrix, or Trellix, as well as GOTS tools used by the customer.
  • Demonstrated experience with the design and implementation of defense-in-depth solutions.
  • Skilled in cross-team collaboration and effective communication to fulfill specific authorization requirements.
  • Demonstrated skill documenting processes and procedures in CONOPS and system security, contingency, configuration management and other plans.
  • Demonstrated ability to facilitate customer concurrences required for risk-based decisions, especially those requiring waivers.
  • Experience assisting the customer with decisions impacting the security posture and compliance of their systems and networks with requirements as documented in NIST 800-53 and its revisions.
  • Extensive familiarity with communications protocols, such as TCP/IP, UDP, HTTP/S, SSH, LDAP, etc.
  • Demonstrated experience with security, monitoring and auditing cloud-based technologies, products and services, such as Amazon Web Services (AWS) or Microsoft Azure.
  • Knowledge of the customer's organization, their network systems and infrastructure, processes and procedures, and request and approval tools.
  • Ability to work within fast-paced customer environments.

Skills

Desired Qualifications:

  • Experienced in scripting/program languages such as Bash, PowerShell, or Python.

Pay

The expected salary range within the Washington, DC metropolitan area is $210,000 - $235,000. Final compensation is unique to each individual and will be determined based on factors such as experience, education, geographic location, and contractual requirements.

Schedule

This is not a guarantee.

Benefits

  • Health/Dental/Vision
  • 401(k)
  • Paid Time Off
  • STD/LTD/Life Insurance/Voluntary Life Insurance
  • Stipends
  • Referral Bonuses
  • and more.

Company

BCore is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation or any other characteristic protected by law.

Similar jobs