Full Time Employee Contractor
ManTech is seeking an Information Systems Security Officer (ISSO) to join a team of dedicated information technology specialists. The ISSO will partner with the Information Systems Security Manager to ensure that management, operational, and technical controls for securing either National Security Systems or Sensitive but Unclassified (SBU) level Information Systems are in place and followed. This includes ensuring the implementation of appropriate information security requirements for Information Technology (IT) systems throughout their life cycle, from the requirements definition phase through disposal. The ISSO shall possess effective interpersonal and presentation skills, as he/she will operate in a client-facing role. The ISSO must possess experience with the Risk Management Framework (RMF). The position requires experience with vulnerability scanning, analysis, and security control assessments. Candidates must be self-starters and be able to solve complex problems with minimal supervision.
• Active TS/SCI clearance
• Typically requires a Bachelor's degree with a minimum of 6 years of related IT Systems Security experience; Master's degree with a minimum of 4 years of related experience; or PhD with a minimum of 2 years of related experience.
• Must possess one of the DoD approved 8570 Baseline certifications for IAM level I or plan to be certified within 6 months of hire date
• Knowledge of the ICD 503 instructions and methods, Risk Management Framework (RMF) principles, NIST Special Publications including FIPS 199 & 200, and should have an understanding of the various IT system security essentials (to include: hardware, software system audits, overall Information Assurance (IA), access control systems and methodology, physical security and information security)
• Must have hands-on experience and extensive knowledge preparing and updating documents such as: System Security Plans (SSPs), Contingency Plans (CPs), Risk Assessments Matrices (SRTMs), Business Continuity Plans (BCP), Business Impact Analysis (BIA), Security Impact Assessments (SIAs) for proposed System Configuration changes
• Experience with DoD STIGs, CIS Benchmarks, Nessus, SCAP, or other related hardening and compliance assessment tools
• Experience in screening and performing data transfers into protected environments along with declassifying data for release (Document Detective, Purifile, Cipher).
• Knowledge of security best practices such as: defense in depth, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
• Knowledge of Splunk or similar audit review tool
• Experience with:
  o Industrial or Federal Government IT and cyber security
  o System and Network administration of hybrid and mixed environments (Windows, Linux, Virtualization)
  o COMSEC policies and procedures including certification and key management processes
• Experience with:
  o Reviewing architecture changes for security impacts and possible recertification
  o Establishing standards for information systems procedures
• Experience ensuring that hardware, software, and data are archived, sanitized, or disposed of in a manner consistent with system security plans and customer/program requirements
• Advanced IT and IA concepts through formal security training, computer-based training, and on-the-job training
• Perform information system audit reviews in accordance with governing policies
• Preferred CISSP or Security+ CE certification in good standing
• Experience with Security Repository Tools such as Telos Xacta IA Manager or Trusted Agent FISMA (TAF)
• Implement tools and techniques in support of Insider Threat Mitigation Program.
• An understanding of compartmented programs
• Application security, database security, and network security
• Networking / Firewall Access Control
• Promote Security Awareness Training & Education (to include different possible social engineering attack techniques)
The candidate will be a member of the IT Directorate and will report to the IT Manager for Special Programs. The candidate will perform the following assigned tasks using established policies and procedures:
• Serve as ISSO for multiple programs/sponsors and assist/provide backup for Program Information Systems Security Manager (ISSM)
• Assist with design and requirements for information systems
• Serve as a member of the Configuration Control Board to participate in all configuration management activities
• Ensure system configuration guidelines are followed and monitored for compliance with Information Assurance (IA) requirements
• Participate in risk assessments of information systems
• Assist with the design of IA safeguards of security support structure to include IDS, firewalls, IPS, etc.
• Assist in conducting tests of IA safeguards in accordance with test plans
• Assist with or perform other IA tasks in conjunction with ISSM
• Handle personal, confidential and Privacy Act information in a professional manner
• Participate in the hardening of systems in a mixed Windows and Linux hybrid environment