Job Description:
• Provide security support for DOJ’s external customers, ensuring an appropriate operational security posture for information systems.
• Work closely with the Director of Information System Security to advise on cybersecurity policies, compliance, and risk management while supporting the ongoing security of DOJ/OIG systems.
• Work with the System Owner and Director of IT Security to categorize systems, assess security controls, and document results.
• Assist in the annual re-assessment of Common Controls, ensuring compliance with DOJ policies.
• Ensure systems are accredited following the customer process to obtain Authority to Test (ATT), Authority to Operate (ATO), or Ongoing Authorization (OA).
• Develop and maintain security documentation, including System Security Plans (SSP), Security Assessment Plans/Reports (SAP/SAR), POA&Ms, and security authorization memorandums in CSAM.
• Conduct security control assessments, both manual and automated, and provide findings on control gaps, risk levels, and impacts.
• Establish and maintain audit trails, ensuring regular log reviews and compliance with DOJ/OIG policies.
• Monitor and execute operations and maintenance of information systems, including secure system disposal.
• Support the development of Privacy Impact Assessments (PIA), Interconnection Security Agreements, Risk Assessments, Configuration Management Plans, and Incident Response Plans.
• Conduct vulnerability scans, review security reports, and implement remediation strategies.
• Assist in continuous monitoring activities, aligning with DOJ’s Ongoing Authorization (OA) process and using DOJ’s GRC tools.
• Ensure all security assessment and audit reports are properly uploaded in CSAM.
• Participate in configuration management processes, policy audits, and system log reviews.
• Provide technical guidance and compliance oversight in alignment with FISMA, RMF, and NIST frameworks.
Requirements:
• Minimum 5 years of experience as an ISSO.
• Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related field from a U.S. Department of Education-accredited university (or equivalent experience).
• Security+ or equivalent/higher-level certification (current).
• Strong understanding of Information Security Policies and Procedures.
• Expertise in Risk Management Framework (RMF), Security Controls, Incident Response, Security Auditing, and Regulatory Compliance.
• Familiarity with FISMA, NIST SP 800-53 controls, and DOJ security policies.
• Proficiency in security tools, risk assessments, and vulnerability management.
Benefits:
• Equal Opportunity Employer
• E-Verify Employer