Principal Information System Security Officer (ISSO)

ManTech (


  Full Time   Employee   Contractor

San Diego
United States

Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you ll help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career and customer oriented Information System Security Officer (ISSO) to join our team in the San Diego, CA area to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech. The selected candidate ensures that the appropriate operational security posture is maintained for assigned information systems and as such, works in close collaboration with the Information System Security Manager (ISSM), the Chief Information Security Officer (CISO) staff, and the Information System Owner (ISO). You will ensure that cyber security requirements are effectively integrated into information systems' operations, management, and documentation.

Responsibilities include but are not limited to:

  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
  • Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
  • Create and maintain existing information system security documentation, including SSP, SCTM, and Security Configuration Guide
  • Write implementation and design documents describing how security features are implemented
  • Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
  • Create security policies and maintain existing information system security documentation
  • Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package
  • Work with the IA team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
  • Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
  • Conduct daily, weekly and monthly audit review and management of the audit collection system
  • Continuously review and evaluate best practices for implementing a comprehensive audit program
  • Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring closure
  • Implement media control and data transfer policies
  • Provide direction and guidance to less experienced IA personnel
  • Remain sensitive to security infractions and assist in security investigations and responses as requested
  • Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
  • Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
  • Communicate well, both orally and in writing

Position Requirements:

  • Bachelor's degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study) and five to seven years experience with information networks and related security concerns; or a Master's degree with three to five years experience
  • Strong background and extensive experience with RMF, ICD 503, NIST SP800-53 or DCID 6/3; knowledge of current authorization practices, particularly within the DoD. Extensive background with DITSCAP/DIACAP may be substituted in some cases
  • Some experience with security efforts related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing. This might also include some system administration work with an emphasis on security control implementation
  • Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end point protection
  • DoD 8570.1 / DoD 8140.01 certification (IAT Level II or III, IAM level I, II or III, IASAE Level I, II, or III). Security+ or equivalent required at a minimum; CAP, CASP, CISSP, or CISM desire
  • ITIL v3.0 or Foundation Certifications desired

Security Requirements:

US Citizenship and active TS clearance required with abilily to obtain a SCI


To apply for this job, contact:
Human Resources

Save This Job

Email This Job to a Friend