ECS is seeking an Information System Security Officer (ISSO) - Lead to work in our Suitland, MD office.
Responsibilities include the design, development, testing, and evaluation of information system security throughout the systems development life cycle.
- Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
- Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
- Assess the effectiveness of cybersecurity measures utilized by system(s).
- Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.
- Build, test, and modify product prototypes using working models or theoretical models.
- Conduct Privacy Impact Assessments (PIAs) of the application's security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
- Design and develop cybersecurity or cybersecurity-enabled products.
- Design hardware, operating systems, and software applications to adequately address cybersecurity requirements.
- Design or integrate appropriate data backup capabilities into overall system designs and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
- Develop and direct system testing and validation procedures and documentation.
- Develop detailed security design documentation for component and interface specifications to support system design and development.
- Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
- Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
- Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications.
- Identify components or elements, allocate security functions to those elements, and describe the relationships between the elements.
- Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find workarounds for communication protocols that are not interoperable).
- Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
- Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with the organization's evaluation and validation requirements.
- Implement security designs for new or existing system(s).
- Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts).
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide guidelines for implementing developed systems to customers or installation teams.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
- Provide support to security/certification test and evaluation activities.
- Utilize models and simulations to analyze or predict system performance under different operating conditions.
- Design and develop key management functions (as related to cybersecurity).
- Analyze user needs and requirements to plan and conduct system security development.
- Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information).
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into the development environment.
- Employ configuration management processes.
- Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
- Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
- Design to security requirements to ensure requirements are met for all systems and/or applications.
- Develop mitigation strategies to address cost, schedule, performance, and security risks.
- Perform an information security risk assessment.
- Perform security reviews and identify security gaps in architecture.
- Provide input to implementation plans and standard operating procedures as they relate to information systems security.
- Trace system requirements to design components and perform gap analysis.
- Verify stability, interoperability, portability, and/or scalability of system architecture.
- Bachelor's degree
- Secret Clearance (Interim)
- 7-10 years of experience in Cybersecurity Assurance
- CISSP certification
- Travel as requested
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.