ISSO/ Information Security Analyst

ASRC Broadleaf is seeking a skilled Information System Security Analyst (ISSO) to join their team in Washington D.C. The ISSO will be responsible for providing comprehensive information assurance support and cybersecurity expertise, particularly in the realm of Cybersecurity-Supply Chain Risk Management (SCRM). The role includes supporting various cybersecurity initiatives, ensuring compliance with federal information security policies, and aiding in the development and implementation of security strategies.

Key Responsibilities Include

• Supporting Cybersecurity-SCRM by providing expertise in federal information security policies and emerging cybersecurity technologies.
• Assisting with Risk Management & Analysis Support Services (RMASS), including participation in related meetings, seminars, and conferences.
• Providing expert knowledge on Department of Defense (DoD) and Federal Civilian Government cybersecurity policies and procedures.
• Offering subject matter expertise for Cybersecurity-SCRM policies and procedures for GSA and client agencies.
• Contributing to the development and implementation of enterprise-wide and system-level cybersecurity strategies.
• Reviewing new or modified legislation, directives, and policies to ensure compliance with federal security requirements.
• Analyzing potential security impacts of changes to emerging cybersecurity guidance and mandates.
• Providing continuous monitoring support for GSA FAS ITC internal and external systems and applications.
• Assisting with the development of organizational metrics, policies, and procedures related to IT security.
• Supporting planning and implementation of IT systems security controls and the deployment of automation tools.
• Responding to and mitigating security risks based on ongoing monitoring activities.
• Updating and reviewing security documentation, including security plans, assessment reports, and POA&Ms.
• Validating that IT systems are patched and hardened according to GSA guidelines.
• Ensuring that IT systems staff are current with security training requirements.
• Well versed in the use of Google and Microsoft applications. This includes, but is not limited to, google apps, MS Word, Visio, Excel, PowerPoint, programming, flow charts, architectural diagrams, macros, slides, Photoshop, graphical diagrams, etc
  
  

Candidates must have significant experience in performing security assessments, familiarity with DoD, FISMA, NIST standards, and the ability to integrate threat intelligence into security assessments.

Requirements

BASIC QUALIFICATIONS:

• Must have at least 5 years experience
• Significant experience performing security assessments
• Performing assessments in support of acquisition activities
• Knowledge of DoD, FISMA, NIST, and other assessment standards and frameworks
• Preparing assessment documentation, leading accreditation through established process
• Demonstrated experience incorporating threat intel into security assessments
• Ability to prepare and brief senior agency officials, acquisition staff, and general public
• Experience writing System Safety Program Plan (SSPP)
• Experience getting systems accredited and authorized to operate on federal networks
  
  

Certification(s)

• IAT Level III (CISSP preferred)
  
  

Education Requirements

• Bachelor’s Degree
  
  

Clearance Level

• T2 background investigation (Public Trust)