
Information Systems Security Officer - Senior at ECS

Location Information: Work from home, VA

ECS is seeking an Information Systems Security Officer - Senior to work remotely.

ECS is looking for an experienced Information Systems Security Officer (ISSO) to join our team supporting multiple platforms to attain and/or maintain their ATOs. The ISSO will be critical in protecting our DHS customers’ information systems and ensuring compliance with federal cybersecurity regulations and policies. The ideal candidate will have a strong background in federal cybersecurity, with at least five years of hands-on experience developing, documenting, and managing Authorization to Operate (ATO) packages for federal information systems.

Responsibilities:

Develop, prepare, and update RMF authorization packages and security documents in accordance with NIST SP 800-53 Rev. 4/5, particularly those associated with NIST’s Risk Management Framework and FedRAMP.
Apply extensive knowledge of a variety of the cybersecurity field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems.
Manage the Authorization to Operate (ATO) process throughout the system lifecycle, including initial authorization, reauthorization, and continuous monitoring activities.
Conduct security assessments and information system security oversight activities, identifying potential security weaknesses and recommending improvements.
Develop and maintain critical security documentation, such as System Security Plans (SSP), Contingency Plans (CP), Privacy Impact Assessments (PIA), and Plan of Action and Milestones (POA&M).
Serve as the primary point of contact for government clients and stakeholders on cybersecurity and compliance matters.
Coordinate with system owners, developers, engineers, and other stakeholders to implement security controls and ensure compliance with security requirements.
Manage POA&Ms, tracking remediation efforts and escalating risks as necessary.
Ensure the collection, review, and documentation of audit records, using financial audit standards, classified system IA requirements and Privacy Act requirements, analyzing anomalies and ensuring proper remediation.
Monitor system security configurations, audit logs, and patch management for compliance and threat detection.
Vulnerability scanning execution, assessment, and analysis.
Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN]).
Stay abreast of evolving security and risk management standards, including NIST, DoD, FISMA, and FIPS guidelines, and apply relevant changes to existing processes.
Provide configuration management recommendations for security software, hardware, and firmware.
Support incident response efforts and forensics investigations.
Provide input to cybersecurity policy and process development and support user training and awareness initiatives.

Salary Range: $145,000 - $145,000

General Description of Benefits

Qualifications:

Bachelor's Degree in Computer Science, Information Systems, Cybersecurity, or a related field.
No Degree: 10 years of Cybersecurity & FISMA experience.
Bachelor’s Degree: 8 years of Cybersecurity & FISMA experience.
Master’s Degree: 6 years of Cybersecurity & FISMA experience.
Proficient in the Risk Management Framework (RMF) and all associated tools (e.g., eMASS, Xacta, ACAS, Splunk, DISA STIGs, SCAP, STIG Viewer).
Experience with cloud security requirements and compliance in federal environments (e.g., FedRAMP, AWS, Azure).
Strong understanding of federal cybersecurity policies, regulations, and guidelines, such as NIST 800-53 Rev. 4/5, FISMA, and DoD directives.
Professional security certification such as CISSP, CISM, CompTIA Security+ CE, SSCP, CEH, CASP, CISA or higher, in compliance with DoD 8140 requirements.
Experience interpreting vulnerability scans (e.g., ACAS, Tenable Nessus, SCAP) and developing remediation plans.
Excellent written and verbal communication skills, including the ability to present complex technical information to diverse audiences.
Demonstrated ability to work independently and collaboratively in a fast-paced, deadline-driven environment.
Outstanding problem solving and analytical skills, including ability to create clear observations, analysis and conclusions based on customer interviews and data.

Minimum Education: Possesses one of the following professional security certifications:

Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH)
CompTIA Advanced Security Practitioner (CASP)
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Auditor (CISA)
Similar security professional certifications must be approved by the Federal PM.