Responsible for the development, deployment and execution of controls and defenses to ensure the security of company technology, information systems, and system deliverables.

Essential Functions:

Develops and implements appropriate standards and criteria for hardware, software, access and encryption requirements.
Establishes system security designs and validates compliance requirements.
Assesses and mitigates system security threats and risks throughout the program life cycle.
Performs system certification and accreditation planning, testing, and validation activities in coordination with government customers.
Supports secure systems operations and maintenance.
Conducts internal information technology system audits and risk assessments and reports findings and recommendations for corrective actions to management.
Executes first level responses and addresses reported or detected incidents.
Investigates and analyzes all response activities related to cyber incidents.
Interprets, analyzes, and reports all events and anomalies in accordance with directives, to include initiating, responding, and reporting discovered events.
Researches, evaluates, tests, recommends, communicates and implements new security software or devices.
Provides details for developing Information System Security (ISS) Risk Management Framework (RMF) documentation (SSP, SAR, RAR, SAP, SCTM, POA&M, etc.) to support the Assessment & Authorization (A&A) of assigned system(s).
Performs ISS controls verification and validation as part of the systems’ Continuous Monitoring Plan.
Oversees configuration management of assigned systems.
Performs periodic hardware/software inventory audits.
Identifies system security controls shortcomings and annotates POA&M entries for deficient items, playing a vital role in remediating control deficiencies.
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees