Senior Information System Security Officer (ISSO)

  • Steampunk HQ
  • McLean, VA, US
  • 7mo ago
  • Full-time
  • On-site

Overview

The ISSO serves as a Cyber Security Specialist and will perform level III ISSO and/or ISSO support.

Responsibilities

  • Ensuring that security requirements for the assigned major application or general support system are being or shall be met. 
  • Supporting security authorization activities (also referred to as C&A) of platform and major/minor applications. 
  • Performing recurring tasks such as weekly backups and provisioning privileged accounts.
  • Identifying and leading security initiatives which improve platform security.
  • Ensuring compliance with all legal requirements concerning the use of commercial proprietary software, e.g., respecting copyrights and obtaining site licenses. 
  • Supporting the development of a Contingency Plan and participating in the Contingency Plan test for the platform and all major/minor applications that reside on the platform. 
  • Attending security awareness and related training programs and distributing security awareness information to the user community as appropriate. 
  • Reporting IT security incidents (including computer viruses) in accordance with established procedures. 
  • Providing input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems. 
  • Assisting with NIST/RMF related security tasks.

Qualifications

Job Requirements 

  • Bachelor’s Degree in related IT field 

Minimum Years of Relevant Experience 

  • Eight years of IA experience; 3 of which must be FISMA-related  

Required Skills 

  • Extensive experience with Salesforce, including implementing security measures such as access controls.
  • Demonstrated ability to analyze access logs and account permissions and to recommend solutions.
  • Demonstrated ability to apply extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems. 
  • Knowledge of NIST SP 800 family of publications, particularly those associated with risk management policy and procedures. 
  • Experience with evaluating systems, networks, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines. 
  • Extensive knowledge and experience with the following criteria: 
    • Web Application vulnerability scan analysis
    • Information security and assurance principles (e.g., Least Privilege, Defense-in-depth) and associated supporting technologies. 
    • Application security and network security.
  • Demonstrated ability to assess and weigh current and evolving security threats in an operational environment. 
  • Understanding security’s role in the software development lifecycle (SDLC).
  • Experience performing Security Impact Analysis (SIA)
  • Educate teams on Salesforce security principles and best practices through training and documentation
  • Respond to events, participate in vulnerability remediation, and help develop preventative security solutions.
  • Knowledge of DHS Information Security Policy Directives and Handbooks. 

Required possession of one or more professional security certifications, including but not limited to: 

  • Certified Information System Security Professional (CISSP) 
  • Certified Information Systems Auditor (CISA) 
  • Salesforce Certified Administrator 

Preferred Skills 

  • Demonstrated ability to rely on extensive experience and judgment to plan and accomplish goals. 
  • Able to work effectively independently to solve problems quickly and completely. 
  • Experience reporting to, communicating with, and/or collaborating with Federal program stakeholders. 
  • Experience in supporting, monitoring, and testing software IA problems. 
  • Excellent oral and written communication skills.