
Post Quantum Crypto ISSO
OCT Consulting LLC
full-time
Location Type: Remote
Location: Remote • District of Columbia, Washington • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
Cyber Security, SDLC
About the role
- Serves as the IT security POC (ISSO) for assigned systems to ensure agency information systems comply with FISMA, OMB, and agency policies.
- Research assigned IT security systems to provide insight into IT security architectures and IT security recommendations for assigned systems.
- Schedule and co-lead screen-sharing sessions with engineering support and system stakeholders to gain a full understanding of a system’s technology stack.
- Oversee and manage relationships with vendors for assigned contractor-owned and contractor-operated systems, ensuring vendors comply with agency security and privacy requirements.
- Assist stakeholders with IT security-related activities to ensure project deadlines are met.
- Provides audit support by developing the appropriate responses to audit questionnaires and remediation recommendations of audit report findings.
- Ensure security activities and change management tasks are implemented throughout the SDLC from beginning to end.
- Ensure all systems are operated, maintained, and disposed of in accordance with documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).
- Support the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
- Coordinates with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle.
- Report and respond to security incidents.
- Assess vulnerabilities to ascertain if additional safeguards are needed, ensure systems are patched and security-hardened at all levels of the “stack,” and monitor to see that vulnerabilities are remediated as appropriate.
Requirements
- Must have **one** of the following active certifications: CISSP, CISA, CISM, CCSP, CAP / CGRC.
- A minimum of three (3) years of technical experience in defining security program requirements or processes for the protection of sensitive or classified information. Competent to work in most phases of network, systems or application information assurance.
- A minimum of three (3) years of experience performing functions and responsibilities as an ISSO or ISSM for systems that have at least a Moderate FIPS 199 categorization.
- Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional two (2) years of relevant experience.
- Intermediate to advanced knowledge of Systems and Communications Protection security control implementation.
- Have detailed knowledge of NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices.
- Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences.
- Ability to communicate, both written and oral, to both technical and non-technical stakeholders.
- Good understanding of and experience with applying FISMA and NIST Cybersecurity framework and requirements.
- Experience in developing Information Security policies and procedures.
Benefits
- Medical, Dental, and Vision insurance
- Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee’s gross salary
- Paid Time Off and Standard Government Holidays
- Life Insurance, Short- and Long-Term disability benefits
- Training Benefits
Applicant Tracking System Keywords
Hard skills
IT security, security program requirements, network information assurance, security control implementation, vulnerability assessment, security documentation development, audit support, change management, SDLC, incident response
Soft skills
written communication, oral communication, stakeholder management, customer support, team collaboration, organizational skills, problem-solving, relationship management, leadership, technical communication
Certifications
CISSP, CISA, CISM, CCSP, CAP, CGRC