ISSO

Gaithersburg, MD
Full Time
Experienced
The ISSO conducts security and risk assessments as required using a range
of security accreditation frameworks (e.g., NIST, RMF, Common Criteria,
DoD, the Intelligence Community Directives (ICDs)), and works to mitigate
risks by applying security controls effectively to achieve an acceptable degree
of operational risk. As part of this process, the ISSO performs testing and
security assessments to sustain required accreditations. The ISSO promotes
the use of secure hardware and software within the systems affected by
government and corporate approval standards. The ISSO works to ensure all
required security policies and practices are effectively applied to systems and
ensures security controls implementing these policies are applied and achieve
the proper levels of confidentiality, integrity, availability, and privacy protection
throughout the system life cycle.

The ISSO also assists with the execution, analysis, and remediation activities
for the vulnerability management program (scanning, assessment, reporting,
and mitigation verification) that spans different accreditation entities, three
distinct classification domain enclaves (U), (S) and (TS), using the Nessus
and Tenable-ACAS vulnerability scanning tools.

Primary Responsibilities:

● Develops risk mitigation strategies that contribute to the
effectiveness, efficiencies, and performance outcomes for strategic
projects, program goals, and business processes.
● Must be able to quickly respond to the needs for updates and
maintenance of security documentation, especially System Security
Plans, Plans of Action and Milestones (POA&Ms), Security Impact
Assessments for proposed system changes, and Concepts of
Operations that identify and explain how each system satisfies its
assigned security control baselines.
● Maintains system security plans and related configuration records in
customer Service+ (ServiceNow), XACTA-360 platform, and Leidos-
CIO security tools.
● Drives necessary security changes through steering groups and
control (review) boards to meet Risk Management milestones.
● Can work independently as well as collaboratively to drive security
process improvements, especially to address gaps in meeting
customer or Leidos security requirements and meet due diligence
responsibilities.
● Provides guidance and engages the program lab team to implement
secure software and hardware processes, apply government security
standards, and commercial best security practices.
● Resolves highly complex security problems by applying technical
knowledge, conceptualizing, reasoning, and interpretation of
requirements.
● Communicate with Leidos and NGA leadership (internally or client)
regarding matters of significant importance to the
organization/project.
● Apply in-depth understanding of information security technical
principles, theories, concepts, and their application across a range of
programs.
● Develop and maintain security documentation per NGA/IC/DoD-
DISA/NIST/Industry standards and policies.
● Initiate and coordinate all Assessment and Authorization (A&A) and
renewal activities working with the NGA Designated Authorization
Officials (DAO or DAOR).
● Address any Information Assurance or Cybersecurity notices, orders,
tasking, or directives as required following the NGA operations
vulnerability and patch management processes.
● Measure effectiveness of defense-in-depth architecture and Zero
Trust policy implementations against known vulnerabilities.
● Perform security audits and assessments, including creating,
tracking, and assisting in remediation of Plan of Action and
Milestones (POA&Ms).
● Coordinate with System Administrators and others to remediate all
vulnerabilities and report results. Track open vulnerabilities and
obtain and document approvals while managing POA&M status.
● Update Security CONOPS and Information Technology Disaster
Recovery (ITDR) plans for each Security Plan.
● Manage security profiles and implementation for systems and
services scheduled for Assessment and Authorization (A&A).
● Work with the Systems Engineers and Administrators, Senior ISSO,
ISSMs, Lab Team, and Leidos Corporate Security as required to
develop and maintain security plans and associated documentation.
● Maintain records and documentation on program IT systems,
upgrades, patches, and connectivity configurations.
● Evaluate security solutions and implementation strategies for
program IT systems and services and maintain the operational security
posture of development, integration, and deployed capabilities.
● Provide training and approve user access and IAA (identification,
authorization, and authentication) mechanisms for information
systems.

Basic Qualifications:

● US citizenship is required per contract.
● BS degree and 8 to 12 years of prior relevant experience to operate
within the scope of responsibilities.
● Active TS-SCI clearance with Polygraph.
● NGA experience desired.
● Experience that demonstrates an understanding and application of
the ICD-503 and NIST risk management framework.
● Experience desired with the following systems/platforms/tools:
XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus, SPLUNK.

Preferred Qualifications:

● Has 3+ years of experience operating, analyzing, and resolving
vulnerability scan results using tools such as Nessus, Tenable
Security Center, or a comparable commercial or GOTS product.
● Active Certified Information Systems Security Professional (CISSP)
certification or ISACA Certified Information Security Manager (CISM)
certification.
● Intelligence Community experience preferred.