Mid-Level Information Security Professional

LightFeather.io, LLC is hiring Level III Mid-Level ISSO to work on our team supporting the Department of Homeland Security (DHS). This is a long-term project located in Washington DC. In this position, you will work in a collaborative environment an integrated team consisting of resources from DHS, LightFeather and others.

All candidates must demonstrate a high degree of initiative, passion for innovation, a solid understanding of information security, and a willingness to work in a highly collaborative security culture. If accepted for a position with LightFeather.io, LLC, you will be joining a team that embraces agile security methodologies with an emphasis on automation, continuous monitoring and innovative security.

This position requires US Citizenship.   

Responsibilities:

  • Perform independent compliance reviews, tracking, and continuous monitoring of newly submitted Security Authorization (SA) packages.
  • Advise and assist with the Lifecycle SA process and developing a Systems Security Plan (SSP).
  • Monitor and track projects in the SA test queue.
  • Maintain a document repository where SA project documentation is stored.
  • Work closely with developers to identify the appropriate certification/approval processes and authorities.
  • Record/register actions concerning project approvals to operate in the SA database.
  • Read and analyze SSPs and develop understanding of systems and applications into security test plans.
  • Coordinate SA actions and system testing with appropriate security personnel.
  • Develop risk assessment reports.
  • Assemble and submit SA packages to Principal Accreditation Authority/Designated Accreditation Authority (DAA).
  • Review IA Compliance Validation Tests and Reports
  • Prepare Vulnerability Remediation Plans (RP)
  • Act as SA project register, managing the SA registration process
  • Manage and maintain a document repository where SA project documentation is stored

Required Qualifications:

  • Active Secret level security clearance
  • At least one security certification (e.g. CISSP,Security+, CISM, etc.)
  • 5-8 years of experience in information security, with a concentration on SA as it applies to the US Government
  • Must possess demonstrated experience in all phases of preparing and reviewing complete SA packages for information technology systems and/or applications as defined by the Federal Information Security Management Act of 2002 (FISMA) and implemented by the guidance of the National Institute of Standards and Technology (NIST)
  • Be able to communicate effectively through written and verbal means to co-workers and senior leadership
  • Be able to effectively manage multiple tasks simultaneously with minimal supervision; coordinating and ensuring scheduled goals are met
  • Be prepared to take responsibility for the performance of IA Compliance Validation Tests, reports, and tracking
  • Be prepared to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessments/mitigation approaches
  • Be able to work well with collateral engineers, analysts and managers on related programs
  • Be able to conduct effective vulnerability assessments of networked and stand-alone information systems to the extent of conclusively validating all technical controls found within NIST SP 800-53R3, as well as other DHS requirements