Deloitte Information System Security Officer (ISSO) in Fort Meade, Maryland
Deloitte is hiring an Information Systems Security Officer (ISSO) for an exceptional opportunity in Annapolis Junction, Maryland.
TS/SCI with polygraph clearance required.
The candidate will be a member of the Government and Public Services (GPS) Security team with primary responsibilities for all aspects of classified systems administration including applications, databases, and telecommunications. Additionally, includes documenting and supporting accreditations, configuring, controlling, maintaining, troubleshooting, securing, continuous monitoring of usage and developing specialized system security processes procedures.
The System Administrator/ISSO also performs basic systems security administration functions, i.e. creating user accounts; monitoring and managing system resources, log files, CPU and disk usage, performing backups, performing systems backup and recovery procedures; hardware/software inventory; writing or modifying basic scripts to resolve performance problems; maintaining system documentation and logs; performing or assisting in troubleshooting problems; maintaining network security including application security; anti-virus, user authentication; and keeping abreast with current security technologies, applicable laws and regulations in support of Intelligence Community (IC) clients located in a Sensitive Compartmented Information Facility (SCIF).
The candidate will join a team of professionals with primary responsibility for Information Technologies in Annapolis Junction, MD while providing additional backup and surge support for locations in the Washington D.C. metropolitan area.
Security System Administrator
Definition: The Security System Administrator is responsible for the day-to-day operations and maintenance of the Firm s classified automated information systems with an additional responsibility to provide support during Assessment and Authorization activities.
Information Systems Security Officer (ISSO)
Definition: The ISSO is the individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program. The ISSO is assigned responsibility for the day-to-day security operations of the system.
Security System Administrator/ISSO candidate requirements:
Current TS/SCI clearance with a Polygraph
Primary Work location, Annapolis Junction, MD
Responsibilities of the Security System Administrator include:
Performing day-to-day Local Area Network systems administration.
Resolve desktop problems and service requests such as software installs.
Establishing system specifications by conferring with users; analyzing workflow, access, information, and security requirements.
Assist with installation and setup of new hardware, including desktops, servers, and networking equipment.
Incident response: collaborates internally and externally to develop and support operational procedures to mitigate risks related to classified data spills, intrusions and unauthorized accesses within Federal compliance guidelines relative to specific Federal agency clients to maintain system integrity and availability.
Strong verbal and written skills required providing management status reports and document system changes.
Implement baseline changes under tech lead oversight.
Responsibilities of the Information Systems Security Officer include:
Review audit logs.
Incident response report.
Conduct vulnerability scans and check scan reports for compliance
Check POA&M status.
Ensure all system users and people with security responsibilities receive their annual awareness training.
Review and validate user access rights.
Update SSP whenever there are system or personnel changes, but at least annually.
Ensure all system users sign the User Agreement before being granted access.
Manages changes to system and assesses the security impact of those changes.
Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
Position-specific Required skills:
Strong technical knowledge of security system functions, security policies, technical security safeguards, and operational security measures to include government security requirements with NISPOM and ICD 503.
Three (3) years of experience in a network/software/hardware support and/or systems administrator role.
Two (2) years of experience with Assessment and Authorization and supporting a client within the Intelligence Community.
Team player and have the ability to work in a fast-paced environment.
Position-specific Desired Skills:
DoD Directive 8570.01 Certification Requirements, which includes Certified Information Systems Security Professional (CISSP), Microsoft Certified Solutions Expert (MCSE) or Microsoft Certified Solutions Associate (MCSA) with emphasis Windows Server 2008/2012/2016 or Windows 10.
Virtualization technologies, such as VMware, Citrix XenServer, or Microsoft Virtual Server/Hyper-V.
Have technical knowledge of security system controls, policies, technical security safeguards, and operational security measures to include various government security requirements and working knowledge of NISPOM, NIST, and ICD 503.
Familiarization and understanding and/or training with National Institute of Standards and Technology (NIST) Special Publication 800 Series.
Primary work site is in Annapolis Junction, MD with occasional travel to Arlington, Crystal City, VA for support, security team and internal client meetings.
Category: Risk Management
As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.