Information System Security Officer (ISSO)

Full Time
Eagan, MN
Areas of Interest: Vulnerability Assessment and Management
report a problem
Overview
Responsibilities will include: 
  • Serve as SME to explain vulnerabilities and risk to management and technical resources.
  • Serve as SME to assist in vulnerability remediation and providing written recommendations on how to mitigate risks. Ensuring recommendations are in compliance with customer regulations, guidance, and management directives.
  • Investigate identified vulnerability risks and assist to prioritize vulnerability remediation actions.
  • Assist in compliance efforts (SOX, PCI, FISMA)
  • Complete assigned projects or assignments independently.
  • Communicate goals, build consensus across teams and negotiate remediation efforts and timelines. Assisting with research, documentation, revision, development, evaluation, and implementation of security plans.
  • Providing support to the team lead who works directly with Staff/Program Managers from Corporate Information Security Office (CISO).
  • Researching, developing, implementing and assessing the effectiveness of security policies, procedures, and controls to support customer operations.
  • Assisting with the development of stakeholder communications, e.g., reports, security presentations, executive-level briefings, etc.
  • Collaborating with stakeholders to ensure security issues are addressed correctly.
  • Maintaining relationships among CISO Leadership, Policy and Risk Management, Inspection Service and Postal Service unit managers, security control officers, area security coordinators, and other key deliverable stakeholders.
  • Providing security guidance to internal and external customers.
  • Serving as a liaison between the USPS organizations.
  • Developing measures of effectiveness and measures of performance for the remediation of vulnerabilities
Required Skills:
  • Must be eligible to obtain a sensitive clearance – Position of Public Trust – and may be required to obtain a higher security clearance.
  • 5+ years related experience in security operations and/or vulnerability management..
  • Must be a self-starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision
  • Ability to effectively prioritize and execute tasks in a high pressure environment
  • Understanding of security standards and concepts and their practical implications on risk.  Knowledge of security concepts, principles, procedures, methods, and practices to include intrusion prevention and detection, risk assessment tools, closed circuit television, and access control.
  • Understanding of vulnerability scanning and penetration testing and their results.
  • Ability to communicate risks and provide guidance for vulnerability remediation
  • Understanding of common regulatory or standards-based control frameworks such as: PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Knowledge of OWASP, SANS Top 20 Critical Security Controls and NIST Vulnerability Database (CVE & CCE)
  • Knowledge of networking protocols: TCP/IP, HTTP/HTTPs, FTP, DNS, etc.
  • Knowledge of Windows and Unix Operating Systems
  • Solid understanding of information, host and network security, common intrusion techniques, and risk management concepts
  • Ability to work within a multi-disciplined team.
  • Proficiency with MS Office Applications.
  • Candidate should also demonstrate attention to detail, have the ability to work independently with minimal supervision and adapt to changes in priorities in a fast-paced environment.
  • Excellent verbal and written communication skills.
  • Excellent interpersonal skill to enable building working relationships.
  • Ability to work in a team environment and work collaboratively across
  • Excellent electronic research skills using search tools, databases, and similar sources to support various customer programs and projects.
Desired Skills:
  • Experience supporting U.S. Government agencies.
  • Ability to assist others in solving problems and work with them to implement the solution.
  • Ability to use interpersonal skills, along with knowledge of the Agency structure and organization, to identify the proper resources to apply to current problems.
  • Required Education (including Major):  Bachelor’s Degree in related field. Two years of relevant work experience may be substituted for each year of degree level education.
  • Prefer IA Manager (IAM) Level II, as prescribed by DOD 8570.1-M, Information Assurance Improvement Program as demonstrated by having one of the following Certifications:
    • CAP
    • GSLC
    • CISM
    • CISSP (or Associate)
  • 2 years of demonstrated experience related to Authorization and Assessment/Certification and Accreditation processes and documentation including Risk Management Framework (RMF) guidelines, directives and security mandates.
  • 3 years of demonstrated experience related to vulnerability notification/identification processes for IAVA, TCNOs, STIGs, etc.
Place of Performance:
  • Eagan, MN
Disclaimer
  
Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.

Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed1



Share this job:

Lunarline, Inc

SOLUTIONS BUILT ON SECURITY
Lunarline is a leading cyber security and privacy provider to the US Federal Government, as well as private industry. Our unique approach to cyber security combines our proven products, specialized services, and certified training together as a complete solution customized for the success of your cyber mission. 
 
For more information, visit www.lunarline.com. 


Follow us on Twitter! @Lunarlineinc 
Become a fan on Facebook! facebook.com/lunarlineinc 
Visit our YouTube channel! http://www.youtube.com/user/LunarlineInc

Specialties
Information Assurance, Security Auditing, Cyber Security Training, Security Engineering, Privacy, Cyber Security, Cloud Security, Certification and Accreditation, Security Architecture, Recovery Planning, Performance Improvement, Penetration Testing, 3PAO
Visit Lunarline, Inc's Social Media pages:
Company Industry: Information Technology and Services
Company Type: Privately Held
Company Size: 51 - 200
2 other jobs with this company: