Senior Information Security Engineer (ISSO)
Was Department of Energy (DOE) Office of the CIO (OCIO) ISSO Team Lead before temporary disablement due to an accident, and returned as a senior member of the team. As a Senior ISSO, main responsibilities included performing acting team lead tasks in the absence of a new team lead, and maintaining Authorization to Operate (ATO) certifications and supporting Risk Acceptance and Annual Review efforts by verifying FISMA/NIST, DOE, and OCIO compliance on new client systems as well as reauthorization of current systems. Maintained and updated artifacts for those systems, in particular SSPs, and represented the ISSO team in meetings, including the weekly configuration management board and continuous monitoring, and in other projects.
- Represented system owners in IATO, initial ATO, and reauthorization efforts.
- Addressed vulnerabilities found by Tenable/Nessus scanning.
- POA&M remediation and risk acceptance guidance and documentation.
- PIA, SSP, BIA, and Exemption/Waiver/Tailoring documents.
- Acceptance or rejection of change requests due to security posture.
- Reviewed, and provided guidance for, work by other DOE OCIO ISSOs.