Information System Security Manager

About The Position

Requirements

• MUST BE A U.S. CITIZEN
• Final Transferable Secret security clearance; last Periodic Re-investigation must be within the last five (5) years or enrollment in Continuous Vetting program
• Possess a valid certification that meets or exceeds DoD 8570.01-M IAM I requirements. (e.g., CAP, CND, Cloud+, Security+ CE)
• Experience executing Security Hardening on Windows and/or Linux Operating Systems based on approved DISA STIGs and SRGs
• Experience with standard cyber security tools and applications (e.g., Splunk, ESS/Trellix ePO, ACAS/ Tenable.sc)
• Ability to build effective customer and partner relationships

Nice To Haves

• Prior experience as an ISSO, ISSM or related DoD Cyber Workforce Role
• Prior COMSEC experience.
• Proven knowledge of DCSA Assessment and Authorization Process Manual (DAAPM) / DCSA Assessment and Authorization Guide (DAAG), Joint Special Access Program Implementation Guide (JSIG), or Risk Management Framework (RMF) as a Subject Matter Expert (SME)
• Excellent written and verbal communication skills and ability to effectively interface with numerous cognizant security agencies, customers and senior leadership
• Knowledge of other security disciplines and how they impact and interact with information system security

Responsibilities

• Developing and maintaining the site’s cybersecurity program for assigned systems.
• Ensuring all applicable cybersecurity policy, plans and procedures are followed.
• Ensuring required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.
• Developing and maintaining cybersecurity related plans, procedures and guidance.
• Maintaining NSA COMSEC account as the COMSEC Responsible Officer; to include performing custodian duties.
• Monitoring and recognizing non-compliance, suspicious and anomalous activity (i.e., threats), and effectively reporting such activity and associated risks to the appropriate parties.
• Ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, etc. and implementing, or overseeing, required corrective actions.
• Conducting role-based cybersecurity training for assigned users.
• Creating, collecting and retaining data to meet reporting requirements.
• Monitoring and correlating data (e.g., logs, events, activity, etc.) from a variety of sources (e.g., Splunk, ELA, ePO, ESS, ACAS, etc.) to identify and mitigate threats, vulnerabilities and non-compliance.
• Investigating, analyzing and responding to cyber events, incidents and non-compliance, to include trend analysis, assembling detailed written reports and briefing the appropriate parties.
• Identifying, implementing, and enforcing overall security requirements for the proper handling and storage of Government data and electronic media.
• Conducting self-inspections and preparing for customer inspections.
• Communicating and interacting professionally during the enforcement of security policy and procedures.

Benefits

• Medical
• Dental
• Vision
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• 401(k) match
• Flexible Spending Accounts
• EAP
• Education Assistance
• Parental Leave
• Paid time off
• Holidays