Information System Security Officer (ISSO)
Consulting - Technical Solutions
Primary Location: Reston, VA
Clearance: Top Secret/SCI (CI Poly preferred)
Citizenship: US Citizenship Required
Education/Experience: HS and 12+ yrs relevant experience; OR Associates and 10+ yrs relevant exp; OR Bachelors and 8+ yrs relevant experience; OR Masters and 6+ yrs of relevant exp; OR PhD and 4+ yrs of relevant exp. DoD 8750.01 IAT III (CISSP, CISM, or CASP) and Computer Network Defense (CND) (CCIA, CEH, CISA or GSNA).
Are you a talented and professional Information System Security Officer (ISSO)? You will be responsible for supporting IC ITE solution and strategic adherence to all aspects of the Information Assurance (IA) program as stipulated by various USG requirements including (but not limited to): Director of Central Intelligence Directives (DCID), Intelligence Community Directive (ICD) 503 and associated NIST publications. Preparation of Assessment and Authorization (A&A) documents and procedures. Interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel, and government security representatives.
We are the prime contractor on a 5-year program, leading an interdisciplinary project team of 50+ highly qualified individuals. We are responsible to assess and prioritize application migration, modernization, standardization, and retirement; drive changes and improvements in platform and mission and business applications. We create and leverage IC ITE services for increased cloud migration and adoption for applications and support applications in migration to and adoption of IC ITE for global software and platform capabilities of varying size and complexity across multiple classification domains, data centers, and infrastructure platforms.
The Senior Security Engineer will support a large Federal Government Agency, assisting them in their migration of legacy systems to the AWS C2S Cloud. You will have the opportunity to work as part of a fast paced team of world-class engineers to modernize our customer’s global network, infrastructure and services by applying your A&A skills. You will have the opportunity to shape, influence and enable Cloud Migration Governance security compliance policies and to streamline the traditional RMF process by stewarding DevOpsSec concepts
Berico is not your ordinary, stuffy Washington DC Government Contractor. As a small business, Berico is more like a family. We work out of a new modern/industrial office. We are an Amazon Web Services Standard Partner, and a Cloudera Silver Partner. We love DevOps, and leverage the latest open source technologies. We manage our own open source project: CLAVIN. We only hire the best people who share our intense passion for delivery. We care about work/life balance, and have regular company gatherings. We play board games and XBox in the office to clear our minds. We are a recognized innovator by the Northern Virginia Technology Council (NVTC). We are a two-time Best Places to Work awardee. We have unparalleled benefits for health, vision and dental, and support flexible work hours. We will sponsor up to $5k in annual training & certifications on technologies we use and want to build competencies in, and provide free access to learning materials like Linux Academy. We send high-performers to conferences. Come work with us, and you’ll be empowered to make an impact; you’ll have the freedom and flexibility to grow professionally and to take the company in new directions. We’re very excited to identify the best fit for our team, solve hard problems, and geek out!
- Subject Matter Expert in Assessment and Authorization using Risk Management Framework (RMF) and/or Intelligence Community Directive (ICD) 503, and DISA Security Technical Implementation Guidance (STIGs)
- Successfully performed A&A at DoD and IC organizations on modern IT systems/architectures, coordinating the process between Security Controls Assessors (SCAs) and development teams, managing and contributing to System Security Plans, Security Control Traceability Matrices, User Acceptance Testing, Software/Security Configuration Management, etc.
- Demonstrated experience working with Xacta, and familiarity with associated policies/procedures and workflows
- A track record of increasing professional responsibility, managing A&A activities independently or as part of a team
- A working knowledge of standard security mechanisms for compliance such as public key infrastructure, encryption, network access control lists, whitelisting, blacklisting, identity and access management, etc.
- A working knowledge of security assessment tools that provide Code and Environment Vulnerability Scanning (i.e. ACAS/Nessus, SCAP, SonarQube, Fortify, etc), Dependency Checking (i.e. OWASP Dependency Checker), Unit/Regression Testing and Code Coverage (Selenium, Cucumber, CloudChecker, Emma, SonarQube, etc).
- Possess and maintain the Certified Information Systems Security Professional (CISSP) or comparable certification
- Understanding of classified IT networks, systems, terminology and the Software Development Life Cycle (SDLC)
- Familiarization with Federal Information Processing Standard (FIPS) 199 and 200, and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems‟, Committee on National Security Systems Instructions (CNSSI) 1253, and NIST SP 800-53 Revisions 3 and 4, SP 800-39, SP 800-30 Create and maintain Plan of Action and Milestones (POA&M) to resolve security findings within a defined schedule as needed.
- Review and develop standard operating procedures and work instructions, as well as other deliverables
- Provide briefings on related security topics
- Creates and fosters a collaborative environment
- Must be able to manage multiple priorities and complex tasks in a dynamic work environment
- Ability to build strong working relationships across all levels of the organization internally and with partners externally
- Experience working in an Agile environment
- Experience with modern "cloud" technologies
- Meet the minimum requirements and have a strong work ethic and willingness to learn
- Are team-oriented, and passionate about security controls
- Are confident and willing to tactfully and respectfully communicate with others
- Are willing to gain a solid understanding of all security requirements and work across multiple teams
- Work well in Agile SCRUM environments
- Can work well with a wide variety of customers and personality types
- Very competitive salary based on qualifications and experience
- Comprehensive, medical, dental, vision and prescription coverage for you and your family.
- 401(k) & 4% match (vested day 1)
- 15 day paid time off (plus 10 Federal holidays)
- Individually focused training paths
- Annual book allowance and online technical and business library subscriptions
- Employer paid parking (at HQ locations)
- Tuition reimbursement program
- Many company happy hours and parties
- Company Sponsored Conferences
- Flexible schedule (Based on supervisor approval)
- Plus Much More!
Berico Technologies is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individual with Disabilities. We emphasize recruiting, hiring, and retaining the most qualified candidates and providing them with the opportunity to meet their potential. We provide an environment where diversity leads to innovation.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
US CITIZENSHIP REQUIRED