Information Systems Security Officer

United States | Full-Time | Middle
Salary: 111,800 - 134,200 USD per year

Job Details

Experience
At least 4 years
Required Skills
AWS, Terraform

Requirements

  • At least 4 years of experience establishing security controls.
  • Experience with two or more of: web application development, Unix/Linux environments, distributed systems, machine learning, large-scale systems, or API services.
  • Experience with one or more infrastructure scripting languages: Terraform, CloudFormation, Ansible, Chef, Puppet, or Kubernetes.
  • Experience implementing two or more cloud-based solutions.
  • Direct, hands-on experience with CFACTS.
  • Proven ability to author Security Impact Analyses (SIA), System Security Plans (SSP), and Privacy Impact Assessments (PIA).
  • Expertise in NIST 800-53 Rev 5 and CMS ARS 5.0.
  • Experience taking a system through the Assessment & Authorization (A&A) process to achieve or maintain an ATO.
  • Ability to interpret Tenable/Nessus or WebInspect scans.
  • Understanding of how to document security controls for AWS-native services.

Responsibilities

  • Proactively identify system changes in HQR and QMARS and document them in a Security Impact Analysis (SIA) to ensure the ATO remains valid.
  • Serve as the 'Source of Truth' for the system's security posture in CFACTS, managing control implementation statements and evidence.
  • Lead 'Audit Season' efforts, gathering screenshots, logs, and process documentation for CMS auditors.
  • Attend sprint ceremonies for HQR and QMARS to advise developers on CMS security standards.
  • Track security weaknesses from discovery to remediation via the POA&M life-cycle.
  • Ensure all program documentation, such as Contingency Plans and Incident Response Plans, is reviewed and signed off annually.