Information Systems Security Officer - Military veterans preferred
2019-01-10 ManTech (www.mantech.com)
Alexandria Virginia United States
Basic Program Overview: At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
ManTech is looking for a self-motivated and customer-oriented Information Systems Security Officer in support of a secure Windows/Linux based Information System. The ISSO will support the audit, accreditation, and mitigation effort of the Information System. The ISSO will serve as the Security Control Assessor for multiple DoD Systems of varying classifications.
Responsibilities include, but are not limited to:
Strong Knowledge of Assessment and Authorization (A&A) process for DoD Systems
Experience with Vulnerability Mitigation
Knowledge of Assured Compliance Tools, e.g., Nessus, ACAS
Strong Knowledge of Risk Management Framework (RMF)
Strong Knowledge of NIST 800-53
Knowledge of Cloud Security and Cloud Based Security Authorizations
Review and recommend INFOSEC solutions to customer problems based on an understanding of products/systems test results
Conduct systems security analysis and implementation, system engineering, design assurance, testing, software engineering, program design, configuration management, integration and testing of INFOSEC products and techniques
Ensure INFOSEC solutions are based on a firm understanding of government/industry policy, practices, procedures, and customer requirements
Review and develop core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
Ensure all information systems are functional and secure in operations and adhere to IA policy, procedures and structure to develop, implement, and maintain a secure information system.
Develop, implement, and integrate information security standards and procedures through the IA process as required.
Familiarity with creating and maintaining security checklists, templates and other tools to aid in the A&A process.
Write comprehensive security analysis reports, including assessment-based findings and outcomes, and enter this data into Enterprise Mission Assurance Support Services (eMASS) for evaluation by Authorizing Officials to support the receipt of an Authority to Operate (ATO) for the systems
Describe, test and validate security measures active on security infrastructure devices for the protection of computer systems, networks and information systems
Determine security violations and inefficiencies through security tests, evaluations and audits
Recommend improvements by assessing current security implementations and anticipating new security requirements
Maintain system security by implementing and maintaining security controls consistent with Federal Risk and Authorization Program (FedRAMP)
Develop, test and train on Contingency and Incident Response planning
Must possess excellent analytical skills and be capable of quantifying risk to enterprise systems and level of compliance with security policy
Familiarity with Microsoft, Cisco and other security vendor technologies
Experience with Assured Compliance Assessment Solution (ACAS)
Knowledge of Windows 10, Windows Server 2008/2012 R2, Active Directory Group Policy
Experience with certification testing, RMF, information assurance tools, DoD STIG, and vulnerability assessment
DoD 8140 certification (IAT Level II, IAM Level II or IASAE Level II)