Senior Information Systems Security Officer
Fully Remote Silver Spring, MD
Description

About Zen:  

Own your opportunity to work with a client-focused agile small business. Make an impact by advancing our government organizations charged with keeping our country safe, prosperous, and secure. Zen Strategics, LLC is a cleared, minority-owned SBA 8(a) specialized consulting firm, offering innovative Cybersecurity, Cloud Migration, and Information Technology Modernization. We are a leading organization committed to delivering innovative solutions and ensuring the highest standards of security for our customers' digital assets. We are dedicated to staying ahead of evolving cyber threats and protecting our clients' data with cutting-edge technologies and proactive security measures.


Position Description:  

Seize your opportunity to make a personal impact as an Information Systems Security Officer, Senior. Zen is your place to make meaningful contributions to challenging projects and grow a rewarding career. As an Information Systems Security Officer, Senior, you will leverage your technical expertise by performing or reviewing technical security assessments of computing environments to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and to recommend mitigation strategies. As an ISSO, you will validate and verify system security requirements definitions and analysis, as well as establish system security designs.

Requirements

 

Responsibilities:  

As an Information Systems Security Officer, Senior, you’ll be Zen’s expert, designing, developing, implementing, and/or integrating IA and security systems and system components, including those for networking, computing, and enclave environments such as those with multiple enclaves and with differing data protection and classification requirements.

  • Building IA into systems deployed to operational environments.
  • Assisting architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of OCIO security policy and enterprise solutions.
  • Supporting the building of security architectures.
  • Enforcing the design and implementation of trusted relations among external systems and architectures.
  • Assessing and mitigating system security threats and risks throughout the program life cycle.
  • Contributing to the security planning, assessment, risk analysis, risk management, and certification and awareness activities for system and networking operations.
  • Reviewing certification and accreditation (C&A) documentation and providing feedback on completeness and compliance of its content.
  • Participating as a security engineering representative on engineering teams for the design, development, implementation and/or integration of IA architectures, systems, or system components.
  • Applying knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
  • Interacting with the customer and other project team members.
  • Supporting the Government in the enforcement of the design and implementation of trusted relationships among external systems and architectures.
  • Providing and supporting security planning, assessment, risk analysis, and risk management.
  • Identifying overall security requirements for the proper handling of Government data.
  • Recommending system-level solutions to resolve security requirements.
  • Supporting security authorization activities in compliance with the NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering.

Required Education/ Qualifications: 

  • Education: BS in Information Technology, Computer Engineering, or Cybersecurity preferred
  • Experience:
      • Knowledge of DOC and NOAA OCIO security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.
      • At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools.
      • Expertise in applying system security engineering expertise in most or all of the following:
          • System security design process
          • Engineering life cycle
          • Information domain
          • Cross domain solutions
          • Commercial off-the-shelf (COTS) and Government off-the-shelf (GOTS)
          • Cryptography
          • Identification
          • Authentication and authorization (A&A)
          • System integration
          • Risk management
          • Intrusion detection
          • Contingency planning
          • Incident handling
          • Configuration control
          • Change management
          • Auditing
          • Certification and accreditation (C&A) process
          • Principles of IA (confidentiality, integrity, non-repudiation, availability, and access control)
          • Security testing
  • US Citizenship Required.
  • Certifications:
      • Must possess at least one IASAE II level professional certification:
          • CASP CE – CompTIA Advanced Security Practitioner
          • CISSP (or Associate) ISC2 – Certified Information Systems Security Professional
          • CSSLP ISC2 – Certified Secure Software Lifecycle Professional
      • IASAE III Level, at least one preferred:
          • CISSP-ISSAP – ISC2 CISSP Information Systems Security Architecture Professional
          • CISSP-ISSEP – ISC2 CISSP Information Systems Security Engineering Professional

If you do not possess one of the certifications above, you must provide documentation showing you have already taken training and a copy of your examination schedule. You must pass the exam prior to joining Zen Strategics.

  • Strong written and verbal communication and collaborative team interpersonal skills. 
  • Proficiency in handling multiple tasks concurrently. 
  • Successful completion of a background investigation without any adverse findings is required. Knowledge of and experience with the technical and administrative information system security requirements for high impact, high availability systems in government organizations is required.