Description
Jacobs has an opening for a Senior Information System Security Officer to support our team in Herndon, VA/Remote.
Duties/Tasks and Responsibilities:
Serves as a contractor ISSO and senior resource, assisting the Government ISSOs in their day-to-day operations.
Assists in the Security Control Assessment (SCA) process for the Information Systems and Government ISSOs.
Assists in the development and evaluation of security documentation, including System Security Plans, Disaster Recovery Plans, Contingency Plans, Incident Response Plans, System Inventory documentation, etc.
Provides expert advice on a wide range of technologies and platforms while working closely with cross-functional teams to help resolve system issues.
Assists with the completion and remediation of Plan of Action and Milestones (POA&Ms), both vulnerability-related POA&Ms and policy/procedure-based POA&Ms.
Participates in project status meetings supporting ongoing operational or new system development activities.
Assists with account provisioning and maintenance.
Assists the Government ISSOs in responding to internal and external audit requests for their Information Systems from FISMA, OIG, GAO and FISCAM.
Performs continuous monitoring activities including reviewing scan results on an ongoing basis and assists in remediation efforts.
Performs technical risk assessments for planned system changes or when security vulnerabilities are uncovered or suspected.
Conducts and reviews vulnerability scans (Nessus, Web Inspect, DbProtect, Qualys and Splunk), ensuring recommendations to senior leadership are provided and followed up on.
Proactively monitors CERT and similar organizations for potential vulnerabilities that could impact assigned systems and develops mitigation plans.
QUALIFICATIONS
Associate of Science degree in Information Technology, IT Security, Network Systems Technology or related field or 2 years' experience in lieu of degree plus four (4) to seven (7) years of directly related experience or any equivalent combination of education, experience, training and certifications.
At least 5+ years of experience in information security.
At least 5+ years of experience in reviewing and evaluating security documentation.
At least 5+ years of functional experience working with systems life cycle methodology.
At least 3-5+ years of experience managing and closing POA&Ms, both vulnerability-related and process/procedural.
Working knowledge of the NIST Risk Management Framework (RMF) and Continuous Diagnostics and Mitigation (CDM) requirements.
Experience with and general knowledge of Nessus, DbProtect, HP Web Inspect, Qualys and Splunk, including evaluating and interpreting vulnerability results.
Cybersecurity Certifications are a plus.
5+ years of experience supporting security control assessments based on guidance such as NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST SP 800-37 Rev. 1.
Extensive experience or functional familiarity with guidance associated with developing A&A packages, FISMA, FedRAMP and NIST control implementation statements.
Superior written and oral communication skills.
Ability to mentor and lead staff.
Experience with taking ownership of system security tasks and meeting deadlines.
Provides guidance to ISSOs, engineers, analysts and managers on related programs.
Strong technical background with the following:
o Windows systems
o Cloud systems or architectures
o Linux/RedHat systems
o Databases (Oracle, SQL, etc.)
o Financial systems
o Enterprise systems
o Cyber risk management documentation compliance repositories (CSAM, Xacta, eMASS, etc.)
Essential Functions:
Physical Requirements:
Most work will be done at a desk or computer.
Work Environment:
General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.
Equipment & Machines:
General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.
Attendance:
Attendance is critical at all times. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
Other Essential Functions:
Must be able to communicate effectively both verbally and in writing.
Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.
Must be able to interface with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citiz
Dallas, TX
Jacobs Engineering Group Inc. provides technical, professional, and construction services. The company’s Aerospace, Technology, Environmental and Nuclear segment offers scientific, engineering, construction, nuclear, environmental, and technical support services to the aerospace, defense, technical, and automotive industries. Its Buildings, Infrastructure and Advanced Facilities segment develops/rehabilitates plans for highways, bridges, transit, tunnels, airports, railroads, intermodal facilities, and maritime or port projects; develops or rehabilitates critical water resource systems, water/wastewater conveyance systems, and flood defense projects; and provides engineering design, construction management, design build, and operations and maintenance.
This segment also designs and constructs buildings; offers consulting, engineering, procurement, construction management, and delivery services for life sciences clients; and provides services relating to modular construction and other consulting and strategic planning services, as well as offers services in containment, barrier technology, locally controlled environments, building systems automation, off-the-site design, and fabrication of facility modules.
The company’s Energy, Chemicals and Resources segment offers services relating to onshore and offshore oil and gas production facilities, processing facilities, gathering systems, and transmission pipelines and terminals; feasibility/economic studies, technology evaluation, conceptual engineering, front end loading, detailed engineering, procurement, construction, maintenance, and commissioning services; and engineering, procurement, and construction solutions.
This segment also provides services, such as manufacturing complex, expansions, modifications, and management of plant relocations; construction management and field construction services; and services to operate and maintain facilities. The company was founded in 1947 and is headquartered in Dallas, Texas.