ISSO Specialist
Ref No.: 18-00027
Location: Washington, District of Columbia
Position Type: Contract
Experience Level: 5 Years
Start Date: 02/04/2018
Location: Washington, DC (Chinatown)
Rates: Negotiable based on experience
Education: Four (4) year degree in a relevant field from an accredited institution
Certification: CISSP or CISA certification required
Experience: Five (5) or more years of experience in a related field, including not less than three (3) years performing IT Security ISSO duties and continuous monitoring, as well as assisting in the testing, assessing, and documenting of government IT systems for Certification and Accreditation according to NIST Special Publication 800-53A.
Security Clearance: Must be Clearable for DOJ Public Trust
Telecommute Options: 1-2 days per week
Preferred: Candidate also has hands-on technical experience in the operation, maintenance and security configuration of technologies.
Experience with the following:
  • The ISSO is assigned specific areas of responsibility based on system accreditation boundary. The ISSO:
    • Shall provide guidance to System Owners and Information System stakeholders in achieving Authority to Operate Accreditation.
    • Shall ensure that users and system administrators of the system(s) or network(s) are provided the appropriate annual network security and/or IT professional training.
    • Shall maintain security documentation and monitor the security posture of the system.
    • Shall represent the System Owners during all change control procedures, ensuring that the System Life Cycle requirements are followed.
    • Shall monitor the Operation and Maintenance of the system, including vulnerability enumeration and remediation by system administration staff assigned to EASD, EADD, BTCD or Bureau/Office contractors. This Continuous Diagnostics and Monitoring (CDM) shall be accomplished according to DOJ Information Security Continuous Monitoring (ISCM) guidance.
    • Assemble disposal documentation package for disposal of information systems in accordance with security policies and practices outlined in the approved accreditation package.
    • Develop all certification and accreditation documentation (as described in DOJ Certification and Accreditation Handbook, Chapter 3 and Appendix C) and maintain the System and Enterprise Architecture (EA) Infrastructure Security Plan (SSP).
    • Conduct periodic reviews (self-assessments), on at least an annual basis, to document System Security and Infrastructure Plans for compliance.
    • Disseminate, control, and manage the responsive issuing of user identifications and passwords for assigned systems, and provide system administrators authorization list(s) for implementation.
    • Ensure that system and all operational infrastructure security requirements are addressed during all information system life cycle phases.
    • Manage incident response for assigned systems, ensuring identification, analysis, notification, remediation, documentation, closure and lessons learned according to DOJ and OJP procedures.