ISSO - Information Systems Security Officer
Description:
Design. Disrupt. Repeat.
Be an agent of change on a team committed to achieving client-focused, mission-driven excellence. Steampunk is the explosive collision of human-centered design and traditional government contracting. We are an employee-owned company with a startup mindset and time-tested approaches tailored for the federal government. We’re passionate about creating solutions that are impactful, practical, and scalable while meeting our clients’ ever-changing needs. We believe in empowering our people to find creative solutions to intractable problems. We believe the best environment in which to grow and thrive is outside our comfort zone. We believe that while good design makes for a good product, human-centered design makes for an excellent one.
Why Steampunk?
Our people are the very core of what we do; their expertise and hunger for new and exciting challenges fuel our relentless pursuit of mission success. As part of our team, you’ll test the status quo, explore new boundaries, and set the bar high for how government clients expect to engage with contractors.
Contributions
Steampunk is looking for you to join our team as a Information System Security Officer. In this role you'll be working with other clients, contractors, and Steampunk's to support mission critical systems. You'll be an imbedded team members with a system team and will be responsible for assisting and working with this team to identify cybersecurity threats to the system, making recommendations for corrective actions, and implementing solutions to keep mission critical systems safe and secure.
The successful candidate has IT experience with NIST 800-37,” Guide to Applying Risk Management Framework to Federal Information Systems,” NIST 800-53rev4 “Security and Privacy Controls for Federal Information Systems and Organizations,” NIST 800 160 “Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.” This candidate must be well versed in applicable laws and standards such as HIPPA and HITECH to implement secure applications, and networks. They must have familiarity and experience in the implementation of cyber security requirements to follow FISMA and FedRAMP guidelines.
Additional Details of the Role:
Security engineering team technical lead as the single point of contact with a federal customer
Deep understanding of the RMF process and ability make recommendations and clearly articulate them to customers and security engineering teams for tasking
Implement the Cyber Security requirements of IT systems and applications documenting them in formal security engineering documents using Risk Management Framework and supporting artifacts associated with risk assessments.
Ability to perform security analysis to determine gap, compensating/mitigating controls, and residual risk
Identify security risks through the security impact analysis, system risk assessments and technology security risk reports.
Implement IT security solutions and assures successful implementation
Apply knowledge of security principles, policy, and regulations to daily tasking
Conduct security compliance evaluations on IT products using all source analysis, test lab, and apply test results to create secure configuration guidelines and baselines.
Apply knowledge of security principles, policy, and regulations to daily tasking
Effectively and efficiently communicate and collaborate with external and internal customers of any hardware and software configuration changes that adversely affect any current system security and their configurations or violates policy
Qualifications
Qualifications and Education Requirements
Bachelor’s Degree or higher in computer science, electronics engineering, or other engineering or technical discipline
8+ years of experience is required. An additional six (6) years’ experience may be substituted for degree requirement.
Required CISSP
Excellent communication skills with executive leadership at a federal agency (GS-15 and above)
Experience working with:
Networking concepts, protocols and security methodologies
NIST 800-53rev4, NIST 800-37; FISMA, and FedRAMP requirements
Resource management principles and techniques to meet deliverables deadlines efficiently to provide quality products.
DISA Security Requirements Guides (SRGs), Security Technical Implementation Guide (STIGs), and Center for Internet Security (CIS) Benchmarks
Demonstrated experiencing managing and leading small technical teams
Must have technical knowledge using network security scanners, SCAP scans, vulnerability scanners, packet analyzers, and penetration testing methods.
One or a combination of the following experience in administration/engineering of operating systems, database systems, and network systems
Risk Management Framework RMF
Expert technical knowledge of risk management, and information security concepts and technologies
Experience with Cyber Security document management and familiar with security and privacy rules
Excellent analytical and problem-solving skills
Ability to facilitate and coordinate efforts with key government and non-government stakeholders
Self-starter that can work under general direction in a highly collaborative, team-based environment
Ability to obtain and maintain a Public Trust clearance
Previous Government contracting work experience
About
steampunk
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.