Alternative Information System Security Officer (A-ISSO) III
Washington, DC
Full Time | Senior-level / Expert | Clearance required | USD 63K - 147K *
BOOST LLC
BOOST LLC is a dynamic management consulting firm that offers an array of government-compliant back-office solutions to support our teaming partners within the GovCon space. Our consultants are experts in the areas of Accounting, Contracts, Human Resources, Recruiting & Sourcing, and Strategic Pricing, and our passion is to guide and propel our partners towards success within this competitive sector.
BOOST is helping our client, ZenPoint Solutions LLC (“ZenPoint Solutions”), find a highly qualified Business Analyst II. ZenPoint Solutions is a rapidly expanding Information Technology (IT) services company in the federal sector. We foster a thriving, ambitious work environment that prioritizes employee well-being and a positive company culture. We invite you to join our team and help us shape a dynamic future as we deliver innovative solutions to address the nation's most critical IT missions.
Position Overview: One of our Department of State contracts is seeking an A-ISSO (Senior) to join our team in providing advanced cybersecurity and system integration services. The ideal candidate is a proactive, self-motivated professional with extensive experience in securing information systems.
In this role, the A-ISSO will ensure the appropriate security posture is maintained across various platforms, including cloud-based SaaS/PaaS solutions, server-based applications, databases, development environments, standalone systems, and desktop/laptops. They will oversee and assist in the implementation of controls and procedures to safeguard DOS information systems from unauthorized modification, disclosure, or destruction. Additionally, the A-ISSO will be responsible for updating key security documentation, including system security plans, change management protocols, incident response plans, and related policies and procedures.
Clearance Requirement: Candidates must hold a minimum Interim Secret clearance and be able to secure a full scope Secret clearance once on contract.
Work Location: Washington, DC
Work Schedule (Hybrid): Three (3) days onsite at the customer's facility and two (2) remote days; work schedule is subject to change based on customer needs and without prior notice
Key Responsibilities:
- Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
- Maintain the operational security posture of information systems
- Create and maintain existing information system security documentation, including SSP, Security Controls Traceability Matrix (SCTM), and Risk Management Framework (RMF) Body of Evidence
- Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
- Write security control implementation details describing how security features are implemented based upon the requirements set forth by NIST 800-53
- Prepare system documentation for assessment in accordance with RMF, FISMA and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; assist in writing remediation plans for findings, create Plan of Action (POA&M) in the GRC tool, and track them to closure
- Participate in Authority to Operate Assessment activities in support of Security Control Assessors and Information System Security Managers
- Create security policies and maintain existing information system security documentation
- Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package
- Participate in the change management process, including reviewing “Change Requests” and assisting in the assessment of security impact of proposed changes
- Conduct daily, weekly, and monthly audit review and management of the audit collection system for assigned systems, boundaries, and components
- Continuously review and evaluate best practices for implementing a comprehensive audit program
- Implement vulnerability management programs including tracking, remediating and closing of identified vulnerabilities
- Support penetration testing efforts
- Provide direction and guidance to less experienced cybersecurity personnel
- Remain sensitive to security infractions and assist in security investigations and responses as requested
- Assist with conducting contingency plan testing and remediate weaknesses identified during testing
- Oversee system recovery processes to ensure that security features and functions are fully restored and operating correctly after an outage
- Effectively communicate both verbally and in writing with government and industry stakeholders
Required Qualifications:
- Candidate must be a United States Citizen and present proof of Citizenship, if selected
- Bachelor's Degree in computer science, information systems, or a related field
- 5+ years of experience in Information Security (INFOSEC) operations and/or Cybersecurity-related support
- Strong background and extensive experience with NIST SP 800-37, SP 800-53, FISMA, and FedRAMP, and knowledge of current authorization practices, particularly within the DoD or DOS
- Extensive background with DITSCAP/DIACAP may be substituted in some cases
- Experience with security efforts related to modern Windows, Cloud computing (Azure/AWS), Linux, Cisco, SQL or Oracle databases, and virtual computing. This may also include some system administration work with an emphasis on security control implementation
- Experience with using GRC tools such as Xacta, Archangel, eMASS
- CAP, CASP, CISSP, or CISM desired
- Highly motivated professional capable of managing a demanding workload and competing priorities
- Self-starter with the ability to gather input from stakeholders and adapt to changing project requirements
- Exceptional attention to detail and an efficient and disciplined work approach
- Excellent communication skills with a high level of integrity and leadership
- Strong problem-solving, critical thinking, and multitasking abilities
Bonus Qualifications:
- 5+ years of experience with the Risk Management Framework (RMF) within the Intelligence Community (IC), DOS, and/or Federal Systems community
Company Benefits: We take care of your well-being here at ZenPoint Solutions! Our comprehensive benefits package includes health, dental, and vision insurance to keep you and your family healthy. We also offer group and voluntary life insurance for financial security, and short-term and long-term disability insurance to provide peace of mind in case of unexpected illness or injury. You'll have the option to contribute to a 401(k) retirement plan with company matching contributions to save for the future. We also offer flexible spending accounts to help manage medical and dependent care costs on a pre-tax basis. On top of that, you'll enjoy a generous paid leave policy, including federal holidays, to maintain a healthy work-life balance. To help you grow in your career, we offer professional development opportunities and a tuition assistance program.
Commitment to Equality: ZenPoint Solutions values diverse perspectives. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other status protected by applicable federal, state, or local law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure CASP+ CISM CISSP Clearance Cloud Compliance Computer Science DIACAP DoD eMASS FedRAMP FISMA Incident response Linux Monitoring NIST NIST 800-53 Oracle PaaS Pentesting POA&M Risk management RMF SaaS SCTM Security Clearance SQL SRTM System Security Plan Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Flex hours Health care Insurance Medical leave Salary bonus