Information Assurance and Security Advisor-ISSO

Responsibilities

The ISSO will serve as the primary security point of contact for program. The ISSO will work with federal stakeholders to develop and implement a strategy for advancing security operational compliance activities as part of a Zero Trust security framework aligned with the programs vision.

 

The ISSO will provide management and coordination of security delivery for ongoing base operations as well as any investment initiatives that require security SME. The ISSO will work closely with the Program Manager (and other stakeholders as needed) to plan and prioritize operational compliance activities such as ATO recertifications, Assessment and Authorization (A&A) deliverables ensuring necessary security controls are in place and operating as intended to support the confidentiality, integrity, and availability from internal and external risks. Design, develop, and recommend integrated security system solutions that will ensure proprietary and confidential data and systems are protected. Provide technical engineering services for the support of integrated security systems and solutions. Interface with clients in the strategic design process to translate security and business requirements into technical designs. Configure and validate secure complex systems, tests security products and systems to detect security weaknesses.

 

The ISSO will be responsible for the day-to-day security operations of the Contractor information systems and information technology resources needed to fulfill this contract including infrastructure, facility, training, service delivery, QAS, workforce management systems, problem escalation and resolution, and performance monitoring systems in accordance with GSA IT Security policies.

Qualifications

Minimum of 8 years with BS/BA or 12 years with a HS Diploma

• 8 years of experience in assessment and authorization processes, securing Authorization to Operate (ATO) for System Security Plans ranging from moderate to high levels. Demonstrated proficiency in cloud auditing and formulating SSP packages from the ground up.
• Proficient in NIST standards and FISMA requirements, specifically for Moderate level systems, including compliance and reporting.
• Experience in managing security certification and accreditation activities utilizing the NIST Special Publication 800-53 Revision 5 framework.
• Extensive experience with the NIST Risk Management Framework (RMF) and in-depth knowledge of NIST Special Publication 800-30 for risk assessment. Skilled in the selection and implementation of control solutions, with a strong focus on scoping and tailoring these solutions to meet specific organizational needs and risk profiles.
• Skilled in developing System Security Plans aligned with Secure Access Service Edge (SASE) and Zero Trust Architecture (ZTA), incorporating FedRAMP-approved solutions for infrastructure compliance.
• Experience with cloud based SIEM (Security Information and Event Management) and monitoring solutions within platforms such as Azure, AWS, or GCP.
• Experience in designing secure cloud environments within multi-cloud infrastructures, utilizing FedRAMP authorized solutions to ensure compliance and robust security.
• Experience in overseeing compliance risks and ensuring both on-premises and cloud environments are in accordance with FIPS cryptographic standards and meet the baseline controls for moderate impact System Security Plans (SSPs)
• Experience in continuous security monitoring within highly regulated environments, adept at leveraging key performance indicators (KPIs) to assess security activities.
• Skilled in reporting and coordinating these metrics with stakeholders across diverse government departments and agencies to ensure aligned and effective security practices.
• Demonstrates understanding and experience in delivering architecture based on the 'Secure by Design' principle.
• Capable of effectively translating technical security concepts into comprehensible terms for senior government leaders and back-translating strategic objectives into technical directives for product teams, with a focus on identity and data-centric security within a Zero Trust framework.
• Proficient in Agile Development Methodology, with demonstrated experience in conducting daily stand-ups with stakeholders to identify requirements and ensure timely delivery.
• Capability to assemble a System Security Plan (SSP) that integrates multiple FedRAMP cloud packages with on-premises infrastructure, ensuring a cohesive and compliant security posture across hybrid environments.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$104,000 - $166,000. This represents the typical salary range for this position based on experience and other factors.

Salary : $104,000 - $166,000