Cross Functional ISSO SME

Evolver Federal
1 day ago
Full-time
Remote friendly (Prince George's County, Maryland, United States)
United States
$135,000 - $150,000 USD yearly

Evolver is a cybersecurity and digital transformation company supporting national defense, federal civilian agencies, and Fortune 500 organizations. We help customers secure critical systems, modernize enterprise technology, and solve complex operational challenges through integrated capabilities spanning cybersecurity, enterprise IT infrastructure, cloud, software development, data analytics, legal technology and eDiscovery, applied AI, and electronic security systems. Our teams combine deep technical expertise with mission understanding to deliver secure, reliable, and scalable solutions that advance performance in high-stakes environments.

 

Evolver is looking for a Cross Functional ISSO SME to join us in support of our Federal Client located in Camp Springs, MD. This position is hybrid, requiring onsite work in Camp Springs, MD two (2) days per week.

 

The Cross Functional ISSO SME will join a team of specialists responsible for providing RMF, Security Authorization, Controls Assessment, Change Management, Continuous Monitoring, Vulnerability Management, and Incident Response. The ISSO SME will support the security activities associated with evaluating, implementing, and managing security practices and the continued operations of new and existing technologies across the Enterprise. They will provide oversight into all responsibilities as required and will support both Unclassified (SBU) and For Official Use Only (FOUO) systems. They shall perform all duties and responsibilities in accordance with DHS 4300A, DHS ISSO Guide, and other applicable guidance.

 

Responsibilities:

  • Support all Risk Management Framework (RMF) activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.
  • Support all Security Control Assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the SCA team.
  • Support Configuration/Patch/Vulnerability Management activities. Review scan results for the system assets, identify the respective remediation for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of the fix.
  • Develop briefings and presentations for Government PM and Executive Management.
  • Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government.
  • Produce the following artifacts following our client's two (2) day turnaround policy: FIPS 199, E-Authentication Workbook, PTA, PIA, CP, CPT, and a five (5) day turnaround policy for the review of the Security Plan (SP).
  • Provide Cloud Security support for enterprise infrastructure components (network, database, middleware, security, and open-source code) technology transitions and migrations to cloud services, e.g., Platform as a Service (PaaS), Infrastructure as a Service (IaaS), etc.
  • Ensure systems are properly patched and hardened according to our client's requirements.
  • Conduct research and analysis on abnormalities and provide recommendations.
  • Provide, prepare, and conduct security training, as needed.
  • Apply and analyze privacy laws, administrative laws, regulations, and policies surrounding the Privacy Act of 1974, the E-Government Act of 2002, or the Homeland Security Act of 2002.
  • Support security and privacy requirements for internal and external system connections.
  • Support proposed collection, sharing, and maintenance of PII through privacy compliance documentation.
  • Perform comprehensive document reviews (DR) on all risk management and security operations documentation, in alignment with client and FISMA requirements.
  • Conduct quality assurance checks to ensure that the finished documentation meets client and FISMA requirements.
  • Revise, edit, or update security authorization documentation and presentations.
  • Create, adapt, and follow project schedules and deadlines.
  • Develop a thorough understanding of the audience and the documentation required by meeting with colleagues and working with managers to discuss technical problems.
  • Research and build knowledge about products, services, technology, or concepts.
  • Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats, and risks in emerging IT projects, and develop technical in-depth engineering solutions to address and mitigate these risks.
  • Ensure daily, monthly, and quarterly compliance requirements are met individually and by professional level staff within the timelines provided by Operations executive leadership.
  • Perform other related duties as assigned.

 

Basic Qualifications:

  • Must be a United States (US) Citizen.
  • Must be able to pass a comprehensive background check.
  • Must be able to obtain an agency-specific Public Trust clearance prior to joining.
  • Must reside in the Washington, DC metropolitan area, within a commutable distance to our client's location in Camp Springs, MD in order to work onsite 2 days per week.
  • 5 years of working experience in a similar role.
  • 5 years of experience in Security Engineering or Security Operations.
  • 5 years of experience analyzing, assessing, and implementing corrective actions based on vulnerability management tools.
  • Must have and maintain at least one (1) active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification which must be approved in advance by our customer. Proof of certification is required.
  • Bachelor's Degree required. Equivalent years of experience in a related field may be substituted for the degree.
  • 3 years of experience with controls standards such as NIST 800-53, 800-37, 800-66, and 800-171, as well as other privacy regulations.
  • 3 years of experience in Systems Administration and/or Engineering with some of the following: Linux, Windows, Splunk, Oracle, Active Directory, Solaris, Networking, etc.
  • 3 years of experience with NIST SP 800-53, RMF, FISMA, DHS and DoD policies.
  • 3 years of experience in Cloud Security with one of the following platforms: AWS, Google Cloud, and/or Azure.
  • 3 years of experience with Security Regulations, such as the NIST Publications and OMB Security related documents.
  • 3 years of experience with security process mapping, security process analysis, security process improvement concepts, models, and best practices.
  • 3 years of experience with preparing documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization.
  • 3 years of experience working in an Agile environment and providing quality, professional deliverables in a short timeframe with little to no guidance from the Government.
  • 3 years of experience providing technical security solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements.

 

Preferred Qualifications:

  • Strong analytical and problem-solving skills.
  • Proficient with Microsoft Office Suite; specifically, Excel, Word, and Outlook a must. Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting a must.
  • Demonstrated experience conducting interviews and negotiation skills applicable to identifying, defining, and evaluating requirements.
  • Proficiency in a vast array of Cyber Security platforms, such as Standard Application Online (SAO), Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/Intrusion Protection System (IPS), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Threat Intel, Endpoint Security.
  • Experience supporting multiple high-volume project assignments.
  • Excellent customer service, analytical, problem solving, critical thinking, team building, interpersonal, negotiation, and conflict resolution skills.
  • Ability to work independently and function as an integral part of the team.
  • Excellent verbal and written communication skills; technical and business focused, with the ability to document and describe security process information collected.
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
  • Listening skills, the ability to detect explicit and implicit needs and wants.
  • Ability to work on high priority ad hoc requests such as data calls, Senior Management Initiatives (CIO, CISO, etc.), customer mandates, etc.
  • Hands-on experience with Adobe Pro a must.
  • Must have an impeccable work ethic, the ability to make sound decisions, and a commitment to integrity and accountability.
  • Excellent organizational skills and attention to detail.
  • Strong leadership skills.
  • Ability to function well in a high-paced and at times stressful environment.
  • Ability to prioritize tasks and to delegate them when appropriate.

 

 

Evolver is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

 

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.