Information Systems Security Manager
- Posted: over a month ago
An individual must meet the following criteria to be considered:
- U.S. Citizen
- Pass a background investigation
- Possess a TS/SCI Security Clearance (with CI Polygraph preferred)
- Possess DoD 8570-compliant security certifications to meet IAT/IAM III requirements (CISSP, CCNA, etc.)
We're searching for an Information System Security Engineering team to help architect and engineer systems that utilize existing and emerging technologies. In this role, you will perform the tasks in coordination with government personnel to provide the cybersecurity support services and solutions necessary to build, integrate, enhance, improve, modernize, implement, test, analyze, assess, sustain, and maintain the cybersecurity posture and capabilities.
General Required Skills:
- Demonstrated experience and familiarity with DoD and Army Cybersecurity Polices and Regulations and Certification and Accreditation (C&A) process, including the provisions of ICD 503, the planning and execution of Security Test and Evaluation (STE), and Cybersecurity Test and Evaluation (CTE) events
- Advanced experience with SELinux, Linux, and Windows server systems
- Understanding of networking fundamentals and network protocols, like TCP/IP, SSH, SFTP, HTTP, and SCP
- Experience with Cross Domain Systems
- Experience with DIACAP, RMF, ICD 503, CNSSI 1253 and NIST Special Publications
- Experience with the DoD Security Technical Implementation Guides (STIGS), Security Requirements Guides (SRG), and industry best practices for various applications
- Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security Suite (HBSS) applications
- Knowledge and understanding of cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of cybersecurity principles.
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of specific operational impacts of cybersecurity lapses.
OurCybersecurity Engineering team seeks an experienced Information Systems Security Officer to provide technical expertise with engineering and supporting Accreditation & Authorization (A&A) efforts. In this role, you will:
- Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classifications to meet Intelligence Community (IC), DoD, and Army cybersecurity/information assurance regulations and policies. This includes providing guidance and oversight to vendors
- Direct experience with implementation of Intelligence Community (IC), DoD, and Army regulations (such as DOD-I-8500, DOD-I-8510, ICD 503, NIST 800-53, CNSSI 1253, Army AR 25-2) and RMF security control requirements and able to provide technical direction, interpretation, and alternatives for security control compliant.
- Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required using eMASS, XACTA (or other approved A&A tool). Direct experience with eMASS, XACTA or other A&A repositories required.
- Develops, reviews, evaluates, and verifies self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD, and Army cybersecurity and Information Assurance (IA) regulations, policies, and organizational security policies) in Information Systems (ISs) are met. ISs include Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the program's portfolio.
- Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
- Support various information assurance programs such as security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures including: System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM)
- Maintains operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed
- Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A)
- Provides configuration management (CM) for information system security software, hardware, and firmware
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to acceptable security levels
- Maintain operational security posture for an information system or program
- Apply a full range of cybersecurity policies, principles, and techniques to maintain security integrity of information systems processing classified information
- Perform cyber defense trend analysis and reporting
- Conducting vulnerability scans and recognizing vulnerabilities in security systems
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk
- Resolve computer security incidence and vulnerabilities
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
- Provide Configuration Management (CM) for security-relevant information system software, hardware, and firmware; Perform risk analysis whenever an application or system undergoes a major change
- Provide input to the Risk Management Framework (RMF) process activities and related documentation
- Ensure that Plans of Actions and Milestones or remediation plans are in place for vulnerabilities identified during risk assessment
- Competitive Salary
- Comprehensive medical coverage
- Dental, Vision, STD/LTD, and Life Insurance Coverage
- 401(k) Retirement Plan – 4% Employer match of employee contribution
- Paid Time Off (PTO)
- Holidays - All employees are given six (6) paid days off and five (5) floating holidays in observance of the U.S. federal holidays
- Health Reimbursement Arrangement (HRA) - 100% funded ($6,500 individual/ $13,000 family)
- Employee Referral Program - Employee referral bonus is paid for eligible candidates after 90 days of employment
- Education Assistance & Continuing Education Program - Employees can use up to $5,000 annually toward continuing education, certifications, training, and conference attendance
- Community Outreach - Employees that volunteer 40 (or more) hours a year to community service or Our Community Outreach events receive a cash bonus
Input Technology Solutions
AddressAberdeen Proving Ground, MD
What email should the hiring manager reach you at?