Information Security Engineer, Principal - Military veterans preferred

ManTech (


  full-time   employee   contract

United States

Information Security Specialist, Principal

Currently, ManTech is seeking a motivated, career and customer oriented Principal Information Security Specialist to join our team in the Marshal, VA area to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech.

As a Principal Information Security Specialist you will serve as the subject matter expert with a focus on cyber security risk management and governance, including the integration of cyber disciplines, such as mission assurance and supply chain risk management. You will work closely with Systems Engineers and project stakeholders to ensure approaches, constraints, and perspectives are fully recommended and considered in risk management and policy decisions. Analyze the development of strategy, policy, governance, and implementation guidance recommendations to more closely integrate Cyber security disciplines to enable a holistic risk management approach. Perform Risk Management Framework (RMF) Assessment and Authorization (A&A) responsibilities. Develop the documentation, validation, and accreditation processes necessary to assure systems meet security and privacy requirements. Evaluate test results, analyze risk, and develop security assessment documentation to support accreditation decisions. Create a risk mitigation strategy and ensure security configurations are maintained in accordance with DoD mandated policies. Interpret RMF guidance from Authorizing Officials for clients and provide information and input for the preparation of accreditation packages. Assess the applicability of emergent vulnerabilities to individual systems and technologies.

Responsibilities include, but are not limited to:

• Lead the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF
• Complete Security Authorization packages, to include system security plans, security assessment reports, POAM summaries and a continuous monitoring plan/assessment schedule, and present executive briefing to senior management.
• Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc. Provide hands-on Component assistance as necessary.
• Ensure security authorization boundaries are properly defined and captured in the system security plans, and that all interconnection agreements are in place and current. Provide hands-on assistance to as necessary.
• Ensure system security authorization controls contain accurate implementation statements and assessments results, and that appropriate artifacts are completed to support findings. Provide hands-on assistance as appropriate.
• Ensure POAMs have appropriate milestones, accurate description of the weaknesses and remediation, task owners, estimated cost to completion and realistic due dates. Provide hands-on assistance to Components as necessary.


• 10+ years of experience in the Cyber security or information assurance field
• 5+ years of experience in supporting Cyber security risk management efforts within the DoD
• 4+ years of experience in developing Cyber security or IT policy and guidance
• 3+ years of experience with analyzing, assessing, or implementing NIST 800-53 Rev 4 security controls or previous versions, CCIs, and associated assessment procedures
• Experience with developing IT policy, guidance, or procedure documentation supporting Cyber security accreditation
• Experience with developing and presenting complex technical information for technical and non-technical audiences
• Must possess well-developed verbal and written communication skills

Position Requirements
• Requires Bachelor's degree or equivalent (Computer Science or a related field)
• Ability to travel up to 10%

Security Requirements:
• An active and current TS/SCI clearance is required

• Minimum of Bachelor's Degree in Computer Science or a related technical discipline or equivalent work experience.
• Vendor certification and/or training is expected but not required in cases of established experience