Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers.  Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies.  Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges. 

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.  

We are on the look out for an Information System Security Officer (ISSO) to support our Federal team in Washington, D.C (hybrid).

Location
This position is part of the Coalfire Federal team supporting one of our clients located in Washington, D.C.
Open to local candidates in the DMV area with the availability to go on site 3 days a week. 

Job Summary 

As an ISSO you'll be supporting as the point of contact (POC) to the information system owner (SO), ISSM, CISO on all matters (technical and otherwise) involving the security of assigned information systems (on prem, vendor, and cloud-based).

• Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization;
• The ISSO shall have oversight responsibility to ensure proper access controls have been implemented and managed;
• ISSO shall ensure audit logs are reviewed at an agreed upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation.  
• Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective where the risk posture is documented in a system risk assessment report.   
• Ensure documents provided to auditors are what was requested and approved for release.  Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information.  
• Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented.  
• Follow agreed on procedures when providing documents;
• Collaborate with the Security Engineer in conducting security impact assessments on change to their respective FISMA systems.
• Collaborate with the Security Operations Center in reviewing vulnerability and compliance scan results at an agreed upon frequency.  Any findings in the scan results are to be tracked as a corrective action plan and managed in CSAM as a POAM
  
  

• Strong working knowledge and familiarity with NIST publications and privacy frameworks.

• Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools.
• Demonstrated experience supporting an industry risk management tool executing A&A activities.
• Ability to identify and assess risks and recommend appropriate remediation strategies.
• Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments
• Ability to work independently and with teams
• Professional and polished interpersonal and communication skills 
• Proficient with Microsoft Office to include Outlook, Word, PowerPoint, and Excel

Education
Completed Bachelor’s degree from an accredited university in an IT related field.

Clearance / Suitability 

Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.

Certifications Required

One or more of the following certifications: Security+, Network+, CASP, CISA, CEH, or other industry recognized certification

Years of Experience 

At minimum 5+ years of hands-on work experience with ISSO duties; performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.

• CISSP or CISM certification
  
  

Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.

Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.

You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.  

Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.