Serve as an Information Systems Security Manager (ISSM) responsible for the Risk Management Framework (RMF) authorization of assigned Information Systems (IS). Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security plan. Conduct periodic assessments of authorized systems and ensure corrective actions for all identified findings and vulnerabilities are addressed in a timely manner. Assume responsibility for all RMF continuous monitoring activities for authorized systems, including periodic analysis of collected audit records and system vulnerability management cycle. Monitor system incident recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure user activity monitoring data is analyzed, stored, and protected in accordance with our program policies and procedures and execute a strong continuous monitoring strategy. Serve as a career manager for ISSOs.
Experience with NIST 800-53, ICD 503, and the Risk Management Framework (RMF) practices, Security Technical Implementation Guides (STIGs), computer networking, and an operating system
Experience with System Administration functions in a networked environment
Knowledge of National Industrial Security Program Operating Manual (NISPOM), Joint Special Access Program Implementation Guide (JSIG), Intelligence Community Directives (ICD) 503/703, the RMF process, and associated National Institute of Standards and Technology (NIST) publications
Knowledge of government classified contracts and DD 254 requirements from an information security perspective
TS/SCI clearance with a polygraph
HS diploma or GED
IAM Level III Certification
Experience as an ISSO, ISSM, ISSE, or Security Controls Assessor
Ability to operate independently without supervision
Ability to work in a team environment and effectively manage Information System Security Officers
Ability to identify, contain, investigate, and report data spills to the government through preliminary written reports
Ability to coordinate the containment and device sanitization with staff at the affected locations
Ability to provide an assessment and mitigation strategy addressing the data spill in the approved response plan
Possession of excellent organizational skills
Possession of excellent verbal and written communication skills
CCNA, Red Hat, or Windows Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance with polygraph is required.
We're an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change - no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.