Information System Security Officer
Clearance: TS/SCI w/ Polygraph
Apply for this position:
Send a Microsoft Word copy of your resume to: HR@zavda.com
Zavda was founded in 2006 and is a SDB certified, Service Disabled Veteran owned, and Woman owned small business that offers leading IT management, Intel, and Cyber opportunities in both the private and public sector. Zavda is looking for an Information System Security Officer to come join our team.
Responsibilities include, but are not limited to:
- Support the government in complying with Agency Systems Security Certification & Accreditation (C&A) processes, to include discovery meetings, achieving Interim Approval to Test (IATT) and in obtaining final Approval to Operate (ATO) status for Systems Security Plans (SSP) associated with all mission systems
- Work with all appropriate agency elements to gain successful accreditation and maintain continuous monitoring activities
- Provide expertise with agency C&A policy, processes & tools
- Develop and maintain documentation required for C&A
- Update and maintain SSP documentation
- Fill roles of Information Systems Security Officer (ISSO)
- Manage all security relevant changes to the mission systems, assuring SSP documentation is up-to-date and ATO status is maintained
- Shall have a bachelor’s degree in a related field (e.g. Business Management, Computer Science, Electrical Engineering, Information Management, Program Management etc), or two (2) years of additional relevant experience above all experience requirements listed, in lieu of a Bachelor’s degree.
- Shall have three (3) years of direct experience with an intelligence community or signals intelligence activity.
- Shall have eight (8) years’ experience integrating information assurance disciplines into the system design, development, integration, and implementation.
- Shall have two (2) years’ experience identifying Information Protection needs and define System Security Requirements; designing System Security Architecture; developing detailed Security Designs (including system security certifications and project evaluations).
- Shall have two (2) years’ experience with Defense in Depth principles and technology including access/control, authorization, identification and authentication, public key infrastructure, network, and enterprise security architecture.
- Shall have four (4) years’ experience developing security plans for employing enterprise-wide security architecture.
- Shall have four (4) years’ experience assessing and auditing network penetration testing antivirus planning assistance, risk analysis and incident response.
- Shall have four (4) years’ experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis.
- Shall have four (4) years’ experience with the NSA Certification and Accreditation process (NISCAP).
- Shall have three (3) years’ experience enforcing the design and implementation of trusted relationships among external agency systems and architectures.
- Shall have two (2) years’ experience in the implementation of cross domain solutions e.g. an information assurance solution that provides the ability to manually and/or automatically access and/or transfer between two or more differing security domains.
- Shall have two (2) years’ experience developing systems that process information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.
- Shall have two (2) years’ experience in network security certifications.
- Shall have two (2) years’ experience in system certifications.
- Shall have five (5) years’ experience applying of Federal, NSA, intelligence community and DoD Information Security regulations, publications, and policy.
- Shall have at least one Information Security related certification (Security+, CISSP, CISM).
- Experience w/NESSUS in a complex network environment as well as Security Center version 5.X
- Strong Linux skills
- Strong understanding of vulnerability assessment and penetration testing
- Experience tailoring Scan Policy NESSUS/Security Center
- Experience with both compliance and vulnerability scanning
- Knowledge of cloud computing platforms
Desired, Preferred Experience:
Zavda is a small business and an equal opportunity employer- Veteran/Female/Minorities/Individual with Disabilities. With Zavda you have the opportunity to provide dependable solutions and support that with benefit the national security missions. Zavda prides itself to providing continual professional growth and success for the Zavda Team.