Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
The contractor shall serve as the ISSO point of contact (“ISSO”) for information assurance activities at the IT system level, and will report directly to the Compliance Branch chief for general guidance and for assignments outside their typical ISSO duties. Each Information System within TSA is required to have an ISSO per DHS and NIST policy. Depending on system complexity, an ISSO may be assigned more than one system. The ISSO shall ensure that management, operational, and technical controls for securing either National Security Systems or SBU-level Information Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. The ISSO shall possess effective interpersonal and presentation skills, as he/she operates in a client-facing role. The ISSO must possess experience with the NIST 800 series publications and standards. The position requires experience with vulnerability scanning and assessments. The ISSO shall conduct Certification and Accreditation (C&A) activities in accordance with NIST 800-37. All C&A deliverables must meet the metrics in the DHS Information Security Performance Plan; this plan will be provided upon contract award. The ISSO shall report IT security events/incidents within the time prescribed by DHS MD 4300 IT Policy, depending on the severity of the incident. The ISSO shall also respond to Information Security Vulnerability Management (ISVM) notifications and ensure all systems under their purview are in compliance with TSA and DHS IT policies (these policies will be provided upon contract award) by the date prescribed. Per TSA and DHS policy, the ISSO shall be required to receive approval from the CISO for designation as the ISSO. The ISSO shall manage single or multiple systems depending on their size and complexity.
The contractor shall execute the following activities:
- Execute the Certification & Accreditation activities program.
- Assist in developing unified guidelines and procedures for conducting certifications and/or system-level evaluations of federal information systems and networks including the critical infrastructure of TSA.
- Develop and present, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.
- Ensure IT systems have all security controls in place and functioning properly in accordance with NIST 800-53A.
- Conduct vulnerability scans and evaluate/analyze the results from the following set of tools, including but not limited to: NESSUS, AppDetective, WebInspect and ISS.
- Assist with external/internal audits for designated systems.
- Report incidents within the timeframe prescribed by DHS 4300 policy for incident response.
Contractor must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.
- 3-6 years of strong security experience
- Minimum of 3 years demonstrated experience with enterprise network devices (e.g., routers, switches, firewalls). Experience shall be clearly outlined in resume.
- Minimum of 3 years demonstrated experience with operating platforms (e.g., UNIX, Solaris, and Microsoft). Experience shall be clearly outlined in resume.
- Contractor shall be able to manage single or multiple systems depending on their size and complexity. Experience shall be clearly outlined in resume.
- Thorough knowledge of, and experience with, the NIST 800 series publications, including 800-30, 800-37, 800-53 and 800-53A.
- Previous experience creating all necessary Certification and Accreditation documentation. Experience shall be clearly defined in the resume.
- Proficiency conducting scans and evaluating/analyzing results from the following set of tools, including but not limited to: NESSUS, AppDetective, WebInspect and ISS.
- Certification: Certification and Accreditation Professional (CAP), CISSP, or a similar widely recognized IT security certification is required.
Knowledge Consulting Group