This site uses cookies. To find out more, see our Cookies Policy

Principal Information Systems Security Officer (ISSO) in Washington, DC at ManTech

Date Posted: 4/12/2018

Job Snapshot

  • Employee Type:
    Full-Time
  • Job Type:
    Other
  • Experience:
    Not Specified
  • Date Posted:
    4/12/2018

Job Description

Group:


MCIS

Clearance Level Needed:


TS/SCI

Shift:


Day

Category:


Cyber




Are you ready for a challenge and ability to use some of the newest and best cyber security and information technology tools available in the industry? Join an elite cyber security team as a Principal Information Systems Security Officer using state-of-the-art tools supporting a great DoD customer in a cutting edge system/network development environment! Looking for go-getters only for an experienced team who push the envelope for cyber security and information assurance excellence. Using the leading industry technology (Splunk,, NSX, scanning tools, engineering SW, etc) and RMF, be one of the go-to team members to conduct cyber security monitoring, analysis, assessment, and operations!

Responsibilities include but are not limited to:

  • Responsible for cyber security threat analysis on systems and networks utilizing the latest and greatest of VMware, Windows, Linux, NSX, Matlab, and various engineering SW suites
  • Conduct technical information assurance evaluation for multiple networks using Splunk and various scanning tools, etc for new information technology to include NSX, latest VMware suite, and unique engineering SW applications
  • Responsible for elements of physical and environmental IT protection, incident handling, and security training and awareness and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
  • Ensure all users are aware of their security responsibilities before being granted access to the system, and periodically thereafter
  • Create and maintain existing information system security documentation, including SSP, SCTM, and Security Configuration Guide
  • Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
  • Create security policies and maintain existing information system security documentation
  • Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package
  • Work with the IA team to maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
  • Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
  • Conduct daily, weekly and monthly audit review and management of the audit collection system
    Continuously review and evaluate best practices for implementing a comprehensive audit program
  • Maintain vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring all patches are up to date on a monthly basis minimum
  • Implement media control and data transfer policies
  • Remain sensitive to security infractions and assist in security investigations and responses as requested
  • Work with project teams responsible for engineering and packaging releases for new and existing sites that integrate within the customer's production IT environment
  • Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
  • Perform continuous monitoring IA duties to include validating that required backups are performed at designated times
  • Work in close coordination with the ISSM, you will play an active role in monitoring assigned systems and their environment of operation to include developing and maintaining the System Security Plan (SSP) and Security Controls Traceability Matrix (SCTM), managing and controlling changes to the system, and assessing the security impact of those changes

Positions Requirements:

  • Bachelor's degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study) and 7 - 9 years experience with information networks and related security concerns; or a Master's degree with 5-7 years experience
  • Strong background and extensive experience with RMF, ICD 503, NIST SP800-53 or DCID 6/3; knowledge of current authorization practices, particularly within the DoD. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
  • Experience with security efforts related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing. This might also include some system administration work with an emphasis on security control implementation.
  • Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end point protection
    Splunk experience preferred
  • Knowledge of VMware NSX a plus
  • Analytical skills and be capable of quantifying risk to enterprise systems and level of compliance with security policy
  • DoD 8570.1 / DoD 8140.01 IA certification (IAT Level II or III, IAM level I, II or III, IASAE Level I, II, or III). Security+CE or equivalent required at a minimum; CAP, CASP, CISSP, or CISM desired
  • DoD 8570.1 / DoD 8140.01 Microsoft or VMware OS certification preferred
  • Communicate well, both orally and in writing

Security Clearance required:
Requires active TS/SCI clearance



Job Requirements

Requires Bachelor¿s degree or equivalent and seven to nine years of related experience.