Junior Information System Security Officer (ISSO)
Washington, DC, United States
Credence Management Solutions, LLC
Overview
At Credence, we support our clients’ mission-critical needs, powered by technology. We provide cutting-edge solutions, including AI/ML, enterprise modernization, and advanced intelligence capabilities, to the largest defense and health federal organizations. Through partnership and trust, we increase mission success for war-fighters and secure our nation for a better future.
We are privately held, are repeatedly recognized as a top place to work, and have been on the Inc. 5000 Fastest Growing Private Companies list for the last 12 years. We practice servant leadership and believe that by focusing on the success of our clients, team members, and partners, we all achieve greater success.
Credence has an immediate need for a Junior Information System Security Officer (ISSO) to provide IT professional support for Information System and Security Officer (ISSO) activities, working with the Department of Veteran Affairs (VA) system owners and other operations and maintenance (O&M) staff to ensure compliance with security requirements and standards. The Senior Information System Security Officer (ISSO) will be responsible for ensuring the security posture of VA information systems by managing the full life-cycle of the Risk Management Framework (RMF) and supporting the Authorization to Operate (ATO) process through the Enterprise Mission Assurance Support Service (eMASS), VA’s Governance, Risk, and Compliance (GRC) tool.
The Junior ISSO will work on the Tool Management team supporting the Department of Veteran Affairs (VA) IT Modernization Tool Suite (MTS). The Tool Management team will oversee the operational life-cycle of IT MTS tools, providing end-to-end product support including configuration, documentation, testing frameworks, and user training. Responsibilities include developing and executing software implementation and migration plans, assisting with Authority to Operate (ATO) processes, and ensuring tools meet VA security, patching, and vulnerability management standards. The team will also manage tool deployment and data migration efforts, ensuring smooth transitions and continuity of service. As tools reach end-of-life, the team will lead the off-boarding and decommissioning processes, ensuring proper closure of accounts, cost recapture, and safe system retirement.
Responsibilities include, but are not limited to, the duties listed below:
- Lead security compliance and risk management for all tools within the portfolio.
- Coordinate ATO, RMF, and FedRAMP activities, oversee vulnerability and patch tracking, and support integration with eMASS and VA security artifact repositories.
- Advise on security on-boarding practices, threat modeling, and account provisioning standards, collaborating with engineers and Sr. ISSO to ensure every tool meets VA security posture requirements from intake through decommissioning.
- Develop IT Security Plan of Action and Milestones (POA&Ms) from eMASS and aid in planning and implementing migration strategies, as necessary, and perform annual security assessments, including NIST SP 800-53 assessment and independent security assessments, as required.
- Collaborate with O&M support teams to develop and coordinate authorization documentation associated with the VA and customer processes, including the Systems Categorization, Systems Security Plan, and Systems risk assessment.
- Review information system infrastructure and application architecture to assess security requirements, and confirm Security Authorization Scope, including identifying the hardware and software components to be covered by the Security Authorization Package.
- Conduct assessments of assigned information systems security requirements, evaluate current security posture and recommend priorities for remediation. Assess and plan the engagement, leveraging relevant work completed for other systems to achieve schedule cost savings and minimize impact on customer staff resources.
- Update System Security Plans (SSPs) for IT systems and complete the appropriate activities in eMASS to permit the generation of a complete SSP; coordinate distribution of SSP for review by project teams and track progress; and revise applicable areas in the eMASS tool as required.
- Update and maintain associated security plans for contingency plan; configuration management plan; incident response plan; and a security awareness, training, and education plan.
- Complete risk assessment for IT systems: verify risk assessment using test case; coordinate distribution of risk assessment for review by project teams and track progress; and ensure that accurate risk information is entered into eMASS.
- Draft, approve, and validate POA&Ms while ensuring they are kept up-to-date, accurate, and represent a true plan to mitigate identified security weaknesses.
- Assess NIST SP 800-53, Rev 4 controls and document results in VA’s eMASS repository. Ensure that eMASS contains quality data and that it is consistent with VA requirements.
- Review and conduct NIST-based self-assessments, identifying any weaknesses which need to be addressed, and developing a POAM for each of those weaknesses based on industry best practices.
- Support and document security controls tests, assist in remediation, and ensure that POAMs are being appropriately managed.
- Evaluate and strengthen standard SA&A Documentation and Security Assessment Reports, and provide security infrastructure recommendations (e.g., IDS, firewalls, vulnerability scan tools).
Education, Requirements and Qualifications
- Ability to obtain a Public Trust is required.
- Three (3) years of expertise in developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages resulting in an authority to operate (ATO) for IT systems.
- Experience with eMASS and VA RMF processes.
- Familiarity with NIST SP 800-53, FedRAMP, and VA-specific security controls.
- Must be able to function resourcefully and independently and work with a diverse team of IA/cybersecurity practitioners.
- Strong written and verbal communication skills required.
- Experience working within VA Offices, with an understanding of unique organizational security policies and security control implementations within specific IT environments, is desired.
Working Conditions and Physical Requirements
Please join us, as together we build a better world one mission at a time powered by Technology and its People!
This role is remote with some occasional travel to support the client.