Information System Security Manager - ISSM

Responsibilities

• Lead and plan for new technology insertion by keeping up with new technologies and capabilities such as encryption, transport, networking, and routing, among other duties.
• Support the development or modification of System Security Plans (SSPs), security requirements, and other supporting documentation for the Assessment and Authorization process.
• Assist projects in determining their security requirements by analyzing a project's business needs and help evaluate industry offerings to identify products that meet security requirements.
• Develop and implement test plans for commercial off-the-shelf (COTS) and custom-developed systems.
• Collaborate with stakeholders to create and perform quality control on Sponsor partners' RMF body of evidence documentation.
• Review assessment reports and assist projects in identifying security risks (technical and non-technical) and developing effective mitigation strategies such as Plans of Action and Milestones (PoAMs).
• Ensure the project completes mitigation strategies as scheduled to meet timely delivery to the customer.
• Provide security review and approval for changes to accredited systems, such as installation of new software and opening new ports, and determination of security-relevant changes.
• Provide security review of network firewall changes.
• Provide security approval for devices being brought into Sponsor buildings.
• Provide feedback for the Sponsor's Computer Incident Team to resolve cyber incidents.
• Provide input to improve group processes by recording lessons learned and creating standard operating procedures.
• Ensure all products and administrative documentation are completed and maintained in order to ensure continuity and historical reference.
• Ensure deliverables meet all relevant quality and security standards.
• Maintain the Rapid7, AppDetective, and WebInspect scanning software, keeping them patched and accessible to AMO systems to meet the scanning requirements.

Qualifications

• Must possess and be able to maintain a TS/SCI clearance with Polygraph.
• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
• BS 12-15, MS 10-13, PhD 10+
• The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.
• Knowledge of investigation and analysis of all data sources, which may include the Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity, or other cybersecurity-related concerns.
• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring and systems.

Desired Qualifications:

• Ability to provide technical cybersecurity guidance.
• Ability to convey technical information to non-technical individuals.
• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies.
• Ability to work in a dynamic and challenging environment.
• Demonstrated experience with the Sponsor's Authorization and Accreditation (A&A) process and the Project Management Framework.
• Demonstrated experience with the Sponsor's diverse information technology infrastructure, including operating systems, major application systems, and network architecture.
• Demonstrated experience with: encryption technologies; operating systems; database technologies; networking, including the OSI model, including TCP/IP, MPLS, SONET, and Ethernet; routing, switching, firewalls, and data protection; cloud computing; information storage; virtual machine technology; cyber risks, exploits, vulnerabilities, and associated mitigations; conducting security reviews and assessments; information technology and a practical understanding of application, system, and network security best practices; information security policies; identifying and managing information security risks in an enterprise environment; and making reasoned, timely and fact-based decisions, and conveying reasoning to customers and team members.
• Certified Information Systems Security Professional (CISSP).

EEO Statement

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.