Information Systems Security Manager

About The Position

Requirements

• MUST BE A U.S. CITIZEN - This position is located at a facility that requires special access
• Current Top Secret security clearance with investigation or CV date within 5 years, with ability to pass a Counterintelligence Polygraph
• Ability to successfully complete additional enhanced security review in accordance with Government contract requirements and it is a condition of employment that individuals hired into positions requiring program clearance obtain and maintain such clearance within sufficient time to allow Lockheed Martin to meet its business needs
• Knowledge of PL3 accreditation processes
• Experience working directly with Government customers and Approval Authorities
• Strong written and verbal communication, analytical, troubleshooting, and interpersonal skills
• Ability to work with multiple customers and foster collaborative team environments
• Experience in SAP/SCI/Collateral environments and knowledge of government contractor network interconnectivity arrangements
• Expertise with the Risk Management Framework (RMF)
• Deep understanding of the NIST Risk Management Framework and the ability to author and maintain SSPs, POA&Ms, and security assessment packages
• Direct experience implementing NIST SP 800 53 security controls
• Proficiency with core cyber security tools, (e.g., Splunk, Trellix ePO, ACAS/Tenable SC)

Nice To Haves

• 8+ years of related experience and may have a post-secondary degree or training in a related discipline
• Prior ISSM/ISSO experience while collaborating with a team of ISSOs in order to satisfy requirements and goals
• PL3 environment experience
• DevSecOps
• Hands on expertise in DevSecOps practices and AI integration for security operations
• Hands on experience with Infrastructure as Code tools (Terraform, AWS CloudFormation, Azure ARM, Ansible) and the ability to review and harden IaC templates for compliance
• Proven expertise in DevSecOps practices, including secure CI/CD pipeline design, automated security testing, and vulnerability management
• High Performance Computing environments
• Hands on experience in information system security or a comparable cyber security role, specifically supporting HPCC or large-scale distributed systems
• Prior experience leading or managing teams
• Prior experience as a Security Controls Assessor (SCA)
• Familiarity with orchestration tools, e.g.: Kubernetes, Palette, Harness, Flux, Openshift, Rancher, Docker
• Familiarity with Qmulos
• Proficiency with the ELK stack for log aggregation, analysis, and visualization in a classified environment
• Capacity to manage multiple projects in a fast paced, demanding setting
• Experience with complex operating systems, data center and cloud environments, cross domain solutions, and NSA Type 1/Commercial Solutions for Classified (CSfC) encryption
• Strong Linux background (RHEL, Rocky, CentOS or similar) for system administration, kernel hardening, package management, and security focused configurations
• Proven ability to conduct internal/external customer assessments, identify gaps, and develop corrective action plans
• Proven track record hardening Windows and RHEL systems using approved DISA STIGs/SRGs and implementing NIST SP 800 53 controls

Responsibilities

• Coordinating and managing interactions with government accreditation authorities to facilitate and maintain 100% active accreditation status of all Authorization to Operate.
• Overseeing technical administration of information system in accordance with internal LM and customer security requirements, primarily Risk Management Framework (RMF) to include Continuous Monitoring, Plan of Action and Milestones (POA&M), and Change Management.
• Developing and implementing government-approved information security procedures and system security plans for the operation of networked and standalone classified computers systems.
• Communicating, implementing, and managing a formal Information Security / Information Systems Security Program together with the Facility Security Officer (FSO) and Program Management.
• Overseeing and conducting risk assessments on cybersecurity architecture and perform comprehensive investigations of computer security incidents, collaborating with outside agencies as required.
• Acquisition, training, development and retention of a technical team of security professionals that are responsible for ongoing compliance of accredited classified computing environments.
• Planning, implementing, monitoring, and upgrading security measures for the protection of the program data, non-deliverable systems, and networks.
• Troubleshooting technical security and network problems.
• Participate in planning and implementation of current and future security domains including those which may introduce new service areas (i.e., Cloud Computing, DevSecOps, etc.).
• Handling mission requirements which may drive unpredictable work hours/schedules.
• Working in a high paced environment driven by growing and ever-changing technical implementation requirements.

Benefits

• Medical
• Dental
• Vision
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• 401(k) match
• Flexible Spending Accounts
• EAP
• Education Assistance
• Parental Leave
• Paid time off
• Holidays