Information Systems Security Manager (ISSM) - Clearance Required
- Posted: August 09, 2022
EXP is seeking a security-focused developer who will also serve in an Information Systems Security Manager (ISSM) role on our team. The ideal candidate focuses on security automation as a part of the DevSecOps lifecycle for DoD and IC customers, while also fulfilling the ISSM role of under the guidance of the company leadership, Chief Information Security Officer (CISO), and Facility Security Officer for both controlled unclassified and classified information systems, both on premise and in cloud environments.
- Develop, modify, and extend security automation capabilities using authoring and maintaining documentation supporting the Assessment & Authorization of assigned systems in accordance with the Risk Management Framework (RMF), NIST 800-171, NIST 800-172, NIST 800-53, or under the ICD 503 and NISPOM
- Continually improve and maintain an information systems security program and document related policies as needed for assigned areas of responsibility
- Coordinate within company IT infrastructure and developers to implement automated methods for device/system hardening and auditing (e.g., SCAP) that follow NIST, DISA STIG, and related guidelines (e.g., defense-in-depth, Zero Trust)
- Develop automated mechanisms that ensures all systems are rigorously monitored for anomalous activity, using data collected from a variety of cyber defense tools (e.g., IDS/IPS alerts, firewalls, network traffic logs) and AWS cloud security tools (e.g., IAM policies/roles, CloudWatch, CloudTrail, Config, Security Groups, VPCs, WAF, Guard Duty, Inspector)
- Improve and maintain mechanisms that support ongoing hardware/software inventory assessments that support Zero Trust-based principles
- Provide technical and procedural Information System security expertise to development teams, including security aspects of DevSecOps and GitOps
- Maintain ongoing awareness of changes and trends for government and industry security policy, vulnerabilities, mitigations, and technology
- Develop key capabilities to support IA continuous monitoring consistent with CMMC reporting and compliance-manage, maintain, and execute the monitoring plan
- Assume ISSO or System Administrator (SA) responsibilities as necessary
- Coordinate with SAs and ISSOs to monitor all available resources that provide warnings of system vulnerabilities, indicators of compromise, or ongoing attacks
- Coordinate IS security inspections, tests, and reviews
- Ensure data ownership and compliance responsibilities are established for each system, and specific requirements met (to include accountability, authentication, access control, and special handling requirements)
- Ensure development and implementation of effective information system security education, training, and awareness
- Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AO/DAO; and Assess changes to the system, its environment, and operational needs that could affect the security authorization
- Assist in the preparation and review of documentation to include System Security Plans (SSPs), Risk Assessment Reports, and additional documentation packages
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Ensure that cybersecurity-enabled capabilities or other compensating security control technologies reduce identified risk
- Interface with ISSPs and other IT security staff in the tracking and resolution of POA&Ms across all security controls
- Conduct, document, and report ongoing, periodic, and requested self-assessments
- Manage incident response and data spill response process
- Bachelor's Degree in Computer Science or a related technical discipline preferred, or the equivalent combination of education, professional training, or work experience
- Active Top Secret security clearance (you must have an active TS, TS/SCI is preferred)
- A minimum of 8 years of related work experience including 2+ years with networking equipment (e.g., routers, switches); 2+ years interpreting vulnerability scan results; 2+ experience system configuration and reviewing linux server, firewall, and IPS logs
- Minimum DoDI 8570.01 IAM I and/or Security+ certification
- Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph
- Experience as an ISSO, ISSM, or administrator managing cybersecurity on classified systems for multiple DoD/IC organizations
- Must be willing to live in the Northern Virginia/Greater Washington D.C. area and work on site.
Preferred Additional Skills
- Experience with eMASS for RMF package and POA&M tracking
- DAAPM, NISPOM, ICD 503, NIST 800-53, and NIST 800-171 implementations
- Experience with Microsoft 365 Security and Compliance
- Experience with Ansible, Chef Inspec
- Experience with AWS, particularly IAM and related security (CloudTrail, Security Groups) and compliance features (Config, Inspector)
- Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark).
- Knowledge of IDS/IPS tools and applications (e.g., Snort, Suricata)
- Knowledge of network attack tactics (e.g., MITRE ATT&CK stages).
- Flexibility to adjust to changing requirements, schedules, and priorities
- Able to socialize ideas, make recommendations, and gain team consensus
- Candidate must possess the ability to operate independently without supervision
- Strongly self-motived and initiative to learn to acquire new skills
- Active TS/SCI security clearance
Who is Expedition Technology?
Expedition Technology designs, develops, and delivers innovative, advanced signal, image, and multi-INT solutions for the defense and intelligence communities. We leverage advanced algorithms, platforms, and technologies to solve our customers' most complex, demanding, and urgent C4ISR challenges. Our culture promotes individual growth and opportunity, prioritizes a collaborative team spirit, and invites the intellectually curious to creatively solve challenging problems. Headquartered in Northern Virginia's high-tech corridor, EXP is a rapidly growing, privately held, employee-owned company that pushes the boundaries of what is possible every day.
Interested in joining our team? Let's explore together.
To learn more about EXP and discover why we are an award-winning workplace, visit our web site and follow us on LinkedIn.
What do we offer our team?
Expedition Technology (EXP) offers a flexible, self-directed benefits package that is designed to fit your individual needs. Benefits include:
- Company-paid, medical, dental and vision insurance
- Up to 45 days of PTO
- 12% 401k match - Traditional and Roth options available
- Student loan repayment assistance
- Tuition Reimbursement - $5250/year available
- Referral bonus program
- Free tickets to sporting events, theater, concerts and more
- Free, onsite fitness center, onsite cafeteria with reduced-cost meals
- A collaborative, creative and supportive culture where you will be encouraged to push boundaries, take risks and enjoy the rewards.
EXP is proud to be an Equal Opportunity Employer that believes a diverse range of talent creates an environment that fuels creativity and innovation. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, disability, national origin, genetic information or protected veteran status.
Share Apply Apply for this position Required * Apply with Indeed First Name* Last Name* Email Address* Phone* Address Resume* We've received your resume. Click here to update it. Attach resume or Paste resume Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume
Paste your resume here or Attach resume fileCover Letter Are you willing to relocate?* No answerYesNo What's your citizenship / employment eligibility?* No answerI am a U.S. Citizen/Permanent ResidentNon-citizen allowed to work for any employerNon-citizen allowed to work for current employerNon-citizen seeking work authorizationI am a Canadian Citizen/Permanent ResidentOther College or University Do you hold an active US Government Security Clearance?* -- No answer --Top Secret / SCI with current polygraphTop Secret / SCITop SecretSecretNone Where did you first see this position posted?* Will you EVER require sponsorship to work in the United States?* -- No answer --YesNo Are you fully vaccinated against COVID-19?* -- No answer --YesNo The following questions are entirely optional. To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more. GenderDecline to answerFemaleMale Race/EthnicityDecline to answerHispanic or LatinoWhite, not Hispanic or LatinoBlack or African-American, not Hispanic or LatinoAsian, not Hispanic or LatinoNative Hawaiian or Other Pacific Islander, not Hispanic or LatinoAmerican Indian or Alaskan Native, not Hispanic or LatinoTwo or More Races, not Hispanic or Latino Invitation for Job Applicants to Self-Identify as a U.S. Veteran
- A "disabled veteran" is one of the following:
- a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
- a person who was discharged or released from active duty because of a service-connected disability.
- A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
- An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
- An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United St
Expedition Technology, Inc
TechnologyView all jobs at Expedition Technology, Inc