Information System Security Officer
Fairfax, VA, United States
ECS
ECS is a technology leader in science, engineering, cloud, cybersecurity, artificial intelligence, machine learning and IT modernization. Reach out today. ECS is seeking an Information System Security Officer to work in our Fairfax, VA office. Please Note: This position is contingent upon contract award.
ECS is seeking talented professionals to join our successful and growing team in building the next-generation Threat Intelligence Enterprise Service (TIES) solution. The TIES Program is the Cybersecurity and Infrastructure Security Agency’s (CISA) dynamic approach to fulfilling its federally mandated cyber information sharing responsibilities and ensuring real-time automated threat intelligence reaches key security partners. The TIES product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet CISA requirements.
We seek driven professionals who excel in a dynamic, fast-paced, and highly collaborative environment, where critical thinking, problem-solving, and a mission-focused approach are essential. A passion for continuous learning, improvement, and cybersecurity is vital.
As a small team committed to radically improving government, every member directly shapes ECS’s direction and success. We take pride in our stewardship, holding deep responsibility for the solutions we develop. Collaboration is at the heart of our work—both within our team and alongside our federal partners.
ECS is seeking a talented, diligent, and energetic Information System Security Officer. The ideal candidate will apply their ISSO experience and be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program’s technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats. The ideal candidate will be able to align to the following duties:
- Apply experience of RMF Steps 1 through 4; significant experience producing Information Security documents (System Security Plan, Privacy Assessments – PIA, PTA, Risk Assessment, Incident Response, Disaster Recovery, Interconnection Systems Agreements, BIA, ISA, etc.)
- Assist with production-systems data management, analyzing performance, identifying problems, and developing recommendations that support cybersecurity initiatives
- Collaborate with cross-functional teams to collect, analyze, and present recommendations regarding security posture, risks, and mitigations, and brief on technical vulnerabilities and system non-compliance based on Information Security policy
- Develop, revise, and capture system-specific workflows and processes that align with compliance and program governance based on relevant guidelines and regulation
- Evaluate system functions for writing security control language for the satisfaction of an authority to operate
- Document security best practices and standard operating procedures, and collaborate with other teams to support cross-cutting processes
- Assess the impact of system vulnerabilities identified manually or by security scans, and provide course-of-action recommendations and remediation support
- Maintain system security awareness through regular monitoring and alerting
- Maintain accuracy of all security documents necessary for compliance throughout the system's lifetime
- Document and track POA&Ms from creation to completion
- Create and maintain dashboards to inform cyber risk posture
Qualifications
- US citizenship with ability to obtain Public Trust Suitability
- Bachelor’s degree or 5 years of relevant experience
- 3+ years operating in the Federal cyber security domain spanning governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security / secure architecture, and security operations
- 3+ years of experience reviewing and/or configuring AWS Organizations, CloudFormation, and/or Terraform Infrastructure as Code
- 3+ years of infrastructure and network security experience
- 3+ years implementing NIST RMF and writing security control responses across all control families
- 3+ years delivering Federal cybersecurity reporting and compliance requirements
- 3+ years evaluating system security posture from the application level to underlying infrastructure
- 1+ year supporting systems deployed in cloud hosting environments
- 1+ year of experience communicating security concepts, governing policy, and compliance with both technical and non-technical personnel in oral and written mediums
Tags: AWS CISA Cloud Compliance Encryption Governance Incident response Monitoring Network security NIST Privacy Risk assessment Risk management RMF System Security Plan Terraform Threat intelligence Vulnerabilities
Perks/benefits: Career development Team events