Information Systems Security Manager

Cayuse Holdings

2d•Onsite

About The Position

The Information Systems Security Engineer (ISSE) is responsible for the security engineering, implementation, and continuous monitoring of information systems in compliance with federal regulations, agency policies, and industry best practices. The ISSE provides subject matter expertise in all aspects of system security architecture, controls implementation, risk assessment, and accreditation processes, ensuring the confidentiality, integrity, and availability of IT assets. This position aligns with Cayuse’s core values of Innovation, Excellence, Collaboration, Adaptability, and Integrity by fostering technical solutions that meet customer needs, promoting teamwork, and prioritizing quality in deliverables.

Requirements

Bachelor’s degree (STEM, field) or Associates with approved equivalent experience.
IAT/M Level III.
2 years’ risk management framework experience within the last 5 years.
Active Top Secret Security Clearance is required.
Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
Exceptional verbal and written communication skills.
Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
Ability to analyze systems and procedures.
Strong multitasking skills with the ability to manage multiple design streams across concurrent work effort.
Must be self-motivated and able to work well independently as well as on a multi-functional team.
Ability to handle sensitive and confidential information appropriately.

Responsibilities

Perform Information Systems Security Engineer duties consistent with the labor category and required RMF experience.
Support security architecture and security engineering activities aligned to DCWF work roles (Security Architect; Information Systems Security Developer; Cyber Defense Infrastructure Support Specialist).
Support security control assessment and ISSM coordination activities aligned to DCWF work roles (Security Control Assessor; Information Systems Security Manager).
Maintain and apply required IAT/M certification level (II or III) within the scope of assigned duties.
Stay up to date on emerging technologies, exploits, vulnerabilities, and hacker techniques and provide briefings and reports to leadership.
Train staff on, and oversee the use of, information security standards, policies, and best practices while performing duties outlined in national standards including, but not limited to: CNSSI 4009, NIST 800-37, and NIST 800-160.
Understand system engineering and cybersecurity concepts and methodologies at the professional level with knowledge equivalent to: Certified Information Systems Security Professional, Cisco Certified Network Professional, VMWare Certified Professional, or similar certifications.
Create, draft, and maintain Security Assessment and Authorization packages along with assisting and consulting in the development of information security procedures.
Provide artifacts for RMF packages including, but not limited to: Security Plans, Security Assessment Reports, Security Controls Traceability Matrix, and Plan of Action and Milestones.
Ensure systems comply with Cybersecurity and Information Assurance and Cybersecurity standards and best practices including, but not limited to: Endpoints, Switches, Routers, Firewalls, and Servers.
Assist and consult in technical management including, but not limited to: Business/Mission Analysis, System Requirements Definitions, System Architecture, Defense in Depth, Zero Trust, Domain Separation, and Disaster Recovery.
Assist/consult in technical processes including, but not limited to: Project Planning, Configuration Management, Risk Management, and Information Management.
Ensure proper implementation of technical security controls and measures including, but not limited to STIGs, AAA, VPN, Public Key Infrastructure (PKI), Identity, Credential, and Access Management (ICAM), and Security Patches.
Ensure all systems are properly logging events to include but not limited to the Security Incident and Event Monitor (SIEM) used for live monitoring and alerts.
Perform system audits, vulnerability scans, and threat assessments on all networks including, but not limited to: System Analysis/Forensics and Anomaly Detection.
Perform incident response activities and conduct investigations of information security breaches to identify vulnerabilities and evaluate the damage including, but not limited to: Provide Intelligence, Provide Reports and Malware.
Other duties as assigned.