Required Qualifications:

• US Citizenship required; Must have the ability to obtain and maintain a DHS Public Trust clearance.
• Bachelor’s degree and 5 years’ experience or Master’s degree and 3 years’ experience or Associate’s degree and 7 years’ experience or HS diploma/equivalent and 9 years’ experience.
• 5+ years of experience as a named ISSO for a Federal Government System.
• Excellent knowledge of the NIST Risk Management Framework (RMF) and NIST Special Publication 800 series and DHS Security Policy 4300a.
• Strong understanding of the CSAM Governance Risk and Compliance tool.
• Experience with AWS GovCloud based systems and DevSecOps tools.
• Experience working with FIPS 199 High Systems and/or systems containing Privacy data.
• Knowledge of federal security and regulations, DHS Security Policy and AWS GovCloud FedRAMP structure.

Preferred Qualifications:

• Experience within DHS or with a DHS Component.
• Experience working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations, and directives.
• Experience with native AWS security tools like CloudWatch, Guard Duty, CloudTrail, etc., and industry standard SEIM tools like JIRA and Splunk.
• Cybersecurity certifications preferred (one or more of the following): CISSP, CISM, AWS Security Professional, CCSP, CCSK, CISA, or CRISC.

Peraton is seeking an Information System Security Officer (ISSO) to join our team of qualified, diverse individuals. The ideal candidate will be part of the Peraton Security Team and play a Cybersecurity operational compliance role within the Data Center and Cloud Optimization (DCCO) program. This individual will be able to demonstrate industry expertise of security governance, risk and compliance domain in AWS GovCloud.

This is a 100% Remote position.

If you enjoy learning about new technologies and applying them to provide cutting-edge services to customers, Peraton is the place for you. With a strong focus on biometric security and the science of fingerprint, face, and iris recognition, we develop state-of-the-art technologies that preserve freedom and advance human discovery. Our pioneering and inventive spirit has placed us at the forefront of numerous technological advancements. We continue to innovate, with our employees not only being part of history but also actively making it.

Day to Day Work Responsibilities:

• Responsible for performing one or more Government Information Systems and assisting with end-to-end Governance Risk and Compliance (GRC) functions.
• Ensure information systems are following National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA), and Department of Homeland Security (DHS) requirements.
• Develop project and task schedules, track and report metrics, and to identify and communicate potential risks and/or impediments to project success.
• Manage and maintain System Security Plans (SSP) in accordance with NIST Special Publication 800-53 and DHS 4300a requirements in the DHS instance of CSAM (Cyber Security Assessment and Management Application).
• Develop core SSP documentation such as: Configuration Management Plans; Contingency and Disaster Recovery Plans; Incident Response Plans; relevant system Standard Operating Procedures; and Plan of Actions and Milestones (POA&M).
• Prepare SSPs for Security Authorization and High Value Asset assessments.
• Maintain system artifacts for evidence-based proof that SSP security controls are implemented, documented, operating as intended, and producing the desired results.
• Maintain hardware, software, ports, protocols, and services inventories.
• Manage and update the SSPs of responsibility to reflect the security impacts of system changes based upon activities and projects resulting from the Change Management process and procedures.
• Identify potential POA&Ms, open, track remediation efforts, and support fact-based efforts to close system POA&Ms with the consent of the ISSO/ISSM.
• Oversee SSP compliance in an Amazon Web Service (AWS) GovCloud, a FedRAMP environment.
• Manage the security posture of cloud environment through the use cloud native security tools, and non-native Security Event and Incident Management (SEIM) tools.
• Ensure SSP compliance within the requirements of the AWS Share Responsibility Model.
• Contribute to discussions and security decisions with respect to virtualized RHEL and Windows instances in cloud environments.
• Contribute to discussions and security decisions with respect to containerization, micro-segmentation, and virtualized network, storage, and compute platforms.