NewWave HQ

  • Information Systems Security Officer (ISSO)

    Job ID 2019-1211
  • Overview

    NewWave is an information technology company helping businesses and government agencies modernize and thrive by applying the power of technology. NewWave began making a mark in the federal healthcare space in 2004, where we continue to actively modernize systems to improve healthcare’s value for millions of Americans. Since then, our work has expanded across various sectors and industries, where we help our customers stay ahead of the new and make the world in which we live, better.

    Responsibilities

    The Information System Security Officer is an individual with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program. This individual must have hands-on experience evaluating, designing, documenting, implementing, operating, testing, and monitoring the security and privacy controls that support the information system security and privacy program.

    • Work with developers to refine security checkpoints in the SDLC and make sure information security risks are managed throughout all the phases of the SDLC.
    • Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
    • Provide FedRAMP requirements and guidance.
    • Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
    • Independently develop a variety of C&A deliverables including: System Security Plans, E-Authentication Risk Analysis, Privacy Impact Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.
    • Develop and maintain Plans of Action and Milestones corrective actions for audit findings.
    • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
    • Perform periodic internal audits, vulnerability assessments, and web application testing.
    • Maintain current knowledge of relevant technology as assigned.
    • Participate in special projects as required.


    Qualifications

    • Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout all the phases of the SDLC.
    • Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
    • Complete a Security Impact Analysis as part of each sprint within an agile development organization.
    • Support, implement, maintain, and monitor security and privacy controls in compliance with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
    • Plan, document, implement, assess, maintain, and monitor security and privacy controls in accordance with requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
    • Independently develop a variety of security authorization package-related deliverables including: System Security Plans, Information Security Risk Assessments, Privacy Impact Assessments, Contingency Plans, Incident Response Plans, and other security and privacy plans, processes, and procedures.
    • Support audits, assessments, and penetration test-related documentation requests and vulnerability remediation efforts.
    • Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and/or audits.
    • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
    • Perform periodic internal audits, vulnerability assessments, and web application security testing.
    • Maintain current knowledge of relevant security and privacy trends and technology.
    • Participate in special projects as required.

    Residency Requirement

    • Must have lived in the United States at least 3 out of 5 years.


    Preferred

    • Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements.
    • Experience in implementing and enforcing policies, procedures and guidelines in a complex environment.
    • Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline.
    • Experience driving ATOs including the privacy controls specified in NIST SP 800-53 rev 4 Appendix J.
    • Experience in the development, implementation and operation of IT Security Strategy within a complex environment.
    • Knowledge and experience with security best practices and relevant legislation.
    • Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration.
    • Understanding of, and ability to communicate, security and risk implications to technical and non-technical audiences.
    • Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints.


    Technical

    • Experience using vulnerability scanners such as Nessus, OpenVAS, Retina or Nexpose.
    • Experience running static analysis / static application security testing (SAST) tools such as SonarQube, Fortify or Veracode.
    • Experience running dynamic application security testing (DAST) tools such as WebInspect, AppSpider, Acunetix, AppScan, Qualys, Burp Suite Pro or OWASP ZAP.
    • Experience running software component analysis tools such as Sonatype Nexus IQ, Synopsys Black Duck, OWASP Dependency-Check or OWASP Dependency-Track.
    • Experience with GRC tools, such as CSAM, CFACTS, TAF, or Xacta.
    • Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.
    • Ability to leverage Microsoft Project for project planning.


    FLSA Status

    • Exempt


    INTERPERSONAL SKILLS:

    • Excellent interpersonal, communication, and organizational skills.
    • Excellent written and verbal communication skills; must be able to communicate fluently in English both verbally and in writing.
    • Should be extremely fact- and data-oriented.
    • Should be deadline- and closure-oriented.
    • High energy levels; should be self-driven.
    • Strong analytical, organizational, and project management skills.
    • Demonstrated ability to lead and work with cross functional teams including senior level individuals.
    • Must be able to thrive in a fast-paced, rapidly evolving environment with varying priorities, based on a team building culture.


    NewWave is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NewWave is a proud Veteran friendly employer.
