Information System Security Officer

Description & Requirements

Maximus is seeking a highly skilled Senior Information Systems Security Operator (ISSO) to join our team in Arlington, VA.

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7

Key Responsibilities:

• Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).

• Implement media control procedures and continuously monitor for compliance.

• Verify data security access controls and assign privileges based on need-to-know.

• Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).

• Apply and maintain required confidentiality controls and processes.

• Verify authenticator generation and verification requirements and processes.

• Execute media sanitization (clearing, purging, or destroying) and reuse procedures.

• Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII).

• Create and manage the Body of Evidence (BOE).

• Maintain privilege access control logs.

• Create and manage Interconnection Security Agreements (ISA).

• Ensure JSIG compliance of applications within multiple accredited boundaries.

• Track vulnerabilities by creating Plan of Action and Milestones (POA&M).

• Manage the configuration and documentation in the program's instance of Enterprise Mission Assurance Support Services (eMASS).

• Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance.

• Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review.

• Conduct code reviews for database and application development and configuration management activities.

• Analyze events or test results and prepare POA&Ms.

• Integrate project management, configuration management, continuous monitoring, and POA&M processes.

• Prepare reports identifying the results of compliance and performance tests.

• Develop and implement information assurance/security standards and procedures.

• Coordinate, develop, and evaluate security programs for the organization.

• Review information assurance/security solutions to support customer requirements.

• Identify, report, and resolve security violations.

• Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands.

• Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.

Required Skills:

• Per contract requirements candidates must possess an active TS/SCI clearance with the ability to obtain CI Poly.

• A Bachelor's degree in a relevant field (e.g., Computer Science, Inf...