• Information System Security Officer (ISSO) - FedRAMP

    Location US-DC-Washington
    Posted Date 1 week ago (4/11/2018 3:33 PM)
    Noblis NSP
    Requisition #
    Regular Employee
    Full Time
    Security Clearance
    Job Category
    Information Security Engineering
  • Overview

    Noblis and our wholly owned subsidiaries, Noblis ESI and Noblis NSP, are solving difficult problems that help our government and our country. We bring the best of scientific thought, management, and engineering expertise with a reputation for independence and objectivity. We support a wide range of government and industry clients in the areas of national security, intelligence, transportation, healthcare, environmental sustainability, and enterprise engineering. Learn more at noblis.org/about.


    Why work at a Noblis company?

    Our employees find greater meaning in their work and balance the other things in life that matter to them. Our people are our greatest asset. They are exceptionally skilled, knowledgeable, team-oriented, and mission-driven individuals who want to do work that matters and benefits the public.


    Noblis has won numerous workplace awards. Noblis maintains a drug-free workplace and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race.


    You are responsible for managing multiple projects and directing the work of others while applying your expertise and experience. You serve as the primary contact for clients on assigned projects, leveraging knowledge of clients’ operations and business. You regularly interact with mid-level client representatives and build/use strong collegial networks to improve quality, grow new business, and shape new corporate objectives. You are able to manage uncertainty and risks in difficult situations, relationships, and problems. You communicate, diagnose, and facilitate consensus in a variety of situations, setting clear expectations for execution.


    Are you interested in getting engaged with Cloud Computing? Are you looking to make an impact across the entire federal government? Do you have extensive NIST Risk Management Framework (RMF) knowledge and experience? Are you self-driven and detail-oriented with excellent written and verbal skills? Then this job is for you. Come be a part of a rapidly growing team of highly skilled FedRAMP ISSOs and help redefine the FedRAMP process with FedRAMP Accelerated.


    FedRAMP ISSOs are project managers and NIST RMF subject matter experts.  We are more ISSM than ISSO as we assist the cloud service provider through the FedRAMP process while ensuring the highest quality products are produced for reuse across the entire federal government.  We are seeking highly qualified individuals to lead their CSPs through the process.



    The Information System Security Officer (ISSO) will provide subject matter expertise to cloud service providers, advice to government clients, and manage the CSP project from kickoff through continuous monitoring.  ISSOs are required to review all CSP documentation for completeness, compliance, and risk acceptance criteria and work with stakeholders until the system documentation meets the high standards of the FedRAMP program and the Joint Authorization Board (JAB).


    Responsibilities include:

    - Conduct thorough and critical reviews of Assessment and Authorization (A&A) documentation, including reviewing NIST and FedRAMP compliant A&A documentation

    - Evaluate cloud computing architectures and identify weaknesses

    - Analyze system risks and provide recommendations for risk acceptance or rejection

    - Analyze CSP deviation and risk downgrade requests

    - Identify and propose solutions to resolve security deficiencies

    - Refine and propose modifications to security requirements and specifications

    - Present findings and recommendations to senior government officials


    The ISSO will apply in-depth knowledge and skills in the following disciplines:

    - Certification and Accreditation under OMB, NIST SP 800-xx Series

    - Cloud Computing

    - Risk Management

    - FedRAMP

    - Host System Security (Windows, UNIX, Linux)

    - Network Security (Firewalls, Guards, etc.)

    - Malicious Code Detection and Eradication

    - Penetration Testing Methodology



    - Bachelor's, Master's, or PhD in Computer Science, Information Assurance, Electrical Engineering, or related field is required with commensurate experience

    - Minimum of three years of progressive experience with the NIST Risk Management Framework in complex system and organizational environments

    - Excellent verbal and written skills

    - Work independently and with a small team

    - Ability to meet tight deadlines

    - Ability to communicate with executive levels of the government

    - Demonstrated current broad-based understanding of security architecture, computer technology, design, standards, and products based on both solid formal training and experience

    - Minimum of one of the following certifications (in order of preference): Certified Information Systems Security Professional (CISSP), Certification and Accreditation Professional (CAP), or Certified Information Systems Auditor (CISA)

    - The ISSO is expected to seek and assume higher levels of technical responsibility, manage time effectively across more than one initiative, and apply sound technical judgment

    - All Noblis employees must be able to demonstrate excellent relationship building and management skills

    - Experience working with GSA, DoD, and/or DHS FISMA programs is preferred


    Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified or other regulated information. 
