The ISSO serves as a Cyber Security Specialist and will perform level III ISSO and/or ISSO support.

• Ensuring that security requirements for the assigned major application or general support system are being or shall be met. 
• Supporting security authorization activities (also referred to as C&A) of platform and major/minor applications. 
• Performing reoccurring tasks such as weekly backups and provisioning privileged accounts.
• Identifying and leading security initiatives which improve platform security.
• Ensuring compliance with all legal requirements concerning the use of commercial proprietary software, e.g., respecting copyrights and obtaining site licenses. 
• Supporting the development of a Contingency Plan and participating in the Contingency Plan test for the platform and all major/minor applications that reside on the platform. 
• Attending security awareness and related training programs and distributing security awareness information to the user community as appropriate. 
• Reporting IT security incidents (including computer viruses) in accordance with established procedures. 
• Providing input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems. 
• Assisting with NIST/RMF related security tasks.

Job Requirements 

• Bachelor’s Degree in related IT field 

Minimum Years of Relevant Experience 

• Eight years of IA experience; 3 of which must be FISMA-related  

Required Skills 

• Extensive experience with Salesforce, including implementing security measures such as access controls.
• Demonstrated ability to analyze access logs and account permissions and to recommended solutions.
• Demonstrated ability to apply extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems. 
• Knowledge of NIST SP 800 family of publications, particularly those associated with risk management policy and procedures. 
• Experience with evaluating systems, networks, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines. 
• Extensive knowledge and experience with the following criteria: 
  • Web Application vulnerability scan analysis
  • Information security and assurance principles (e.g., Least Privileged, Defense-in-depth) and associated supporting technologies. 
  • Application security and network security.
• Demonstrated ability to assess and weigh current and evolving security threats in an operational environment. 
• Understanding security’s role in the software development lifecycle (SDLC).
• Experience performing Security Impact Analysis (SIA)
• Educate teams on Salesforce security principles and best practices through training and documentation
• Respond to events, participate in vulnerability remediation, and help develop preventative security solutions.
• Knowledge of DHS Information Security Policy Directives and Handbooks. 

Required possession of one or more professional security certifications, including but not limited to: 

• Certified Information System Security Professional (CISSP) 
• Certified Information Systems Auditor (CISA) 
• Salesforce Certified Administrator 

Preferred Skills 

• Demonstrated ability to rely on extensive experience and judgment to plan and accomplish goals. 
• Able to work effectively independently to solve problems quickly and completely. 
• Experience reporting to, communicating with, and/or collaborating with Federal program stakeholders. 
• Experience in supporting, monitoring, and testing software IA problems. 
• Excellent oral and written communication skills.

Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $125,000 to $175,000.  The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk’s total compensation package for employees. Learn more about additional Steampunk benefits here. 

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors.  Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges.  As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.