Isso – Xacta SME

What You’ll Do

• Advise the information system owner and CISO/ISSM on system security.
• Define access privileges, security controls, and resources to protect information systems.
• Facilitate tracking, handling, and reporting security events and incidents per government procedures.
• Evaluate and escalate incidents, implementing mitigation techniques according to customer guidelines.
• Collaborate with team members to implement an efficient cyber incident management system.
• Research IT security trends to enhance security measures.
• Analyze network traffic and logs to identify threats, recommend countermeasures, and mitigate network damage.
• Maintain network, server, and security integrity per regulatory and departmental policies.
• Create and maintain system documentation to ensure certification and accreditation throughout the Authority to Operate lifecycle.
• Recommend and implement security improvements based on assessments and trends.
• Manage Information Security Vulnerability Management, Alerts, Technical Advisories, and Bulletins.
• Develop and conduct security training and awareness programs.
• Assist in developing and implementing security policies and procedures for regulatory compliance.
• Assess and manage risks to information processing, storage, and transmission.
• Maintain, administer, and configure Xacta, providing backend support.
• Oversee Xacta integration into security processes and workflows.
• Collaborate with stakeholders to utilize Xacta for compliance and risk management.
• Troubleshoot and resolve Xacta configuration and operational issues.

Education + Requirements

• BA or BS degree and 8 years of relevant experience 
• 6+ years of experience with information assurance or cybersecurity 
• Demonstrated expert knowledge and experience with maintaining, administering, using, and configuring Xacta (backend experience required.
• Experience with supporting system security and authorization processes, RMF, and ATOs 
• Experience with NIST 800-37, NIST 800-53, or Intelligence Community Directive 503 requirements 
• Experience with ACAS and vulnerability databases including Tenable Nessus, NVD, and NIAP 
• Ability to report IT security events or incidents based on policies and procedures 
• Ability to provide on-site, full-time support in a client environment  

Required Certifications

• AITI III level certification
• CASP+ CE (CompTIA Advanced Security Practitioner)
• CCNP Security (Cisco Certified Network Professional Security)
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional) or Associate
• GCED (GIAC Certified Enterprise Defender)
• GCIH (GIAC Certified Incident Handler)
• CCSP (Certified Cloud Security Professional)

Security Clearance Requirements

• U.S. Citizenship
• Active Top Secret clearance
• Q clearance (or willing and able to achieve Q clearance)