News

Information Systems Security Manager (ISSM) for SciTec in Boulder, CO (salary not disclosed)

November 30, 2022 | Job Postings

SciTec has an immediate opportunity for a talented Information Systems Security Manager (ISSM) in our Boulder, CO office. The ISSM will be responsible the accreditation and administration of a secure computing environment, both leading the implementation of technical security controls and spearheading coordination with accrediting and assessing agencies. The ISSM will need to work well in a team environment with a commitment to ensure security awareness and techniques are communicated effectively across the workforce. SciTec is searching for a candidate who will thrive in an environment where they are both expected to take the initiative to solve problems and empowered to see problems through to their conclusion.

Requirements/Duties

  • Leading the development, maintenance, and evaluation Information System (IS) security documentation, including System Security Plans (SSPs), Continuity of Operations Plans (COOPs), and Standard Operating Procedures (SOPs).
  • Conducting cybersecurity controls assessments in accordance with applicable regulatory guidance, including NIST 800-53, NIST 800-37, NIST 800-60, and DoD 8500.01. Managing Plans of Actions and Milestones (POA&M) originating from these assessments.
  • Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase.
  • Develop and execute a Continuous Monitoring program for information systems in accordance with NIST 800-53
  • Ensure that selected security controls are implemented and operating as intended during all phases of the Information System (IS) lifecycle and RMF process
  • Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.
  • Conduct required IS vulnerability scans according to risk assessment parameters.
  • Continuously evaluating system security posture, identifying opportunities for improvement, and supporting the implementation of these improvements.
  • Supporting the local SciTec Facility Security Officer (FSO) in ensuring the physical protection of information technology systems, including supporting the deployment of physical security measures such as intrusion detection systems.
  • Contribute to Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171 which may include authoring policy and procedure, capturing artifacts, and working related projects.
  • Contributing to other corporate security and information assurance activities throughout the company with System Administrators, Security, and other stakeholders.
  • Successful candidates will have strong written and communication skills to maintain a relationship with government counterparts and other mission partners.
  • Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner
  • At least two years serving as an ISs Security Officer or Manager at a cleared facility.
  • Familiarity with the use and operation of DISA SCAP and STIGViewer tools
  • Is technical lead for the Risk Management Framework (RMF) package creation and compliance.

Requirements

  • Must be a U.S. Citizen.
  • Candidates must have an active Secret government security clearance.
  • 2 years of experience specifically supporting the administration of government or contractor information technology systems under the oversight of the DoD or the Intelligence Community.
  • 4 year degree in Information Technology, Cybersecurity, Computer Science or other related field
  • Must have experience with Windows/Linux based troubleshooting; understand where to locate specific log files for forensics.
  • Ability to evaluate effectiveness, suitability, survivability, and interoperability of systems, relating to cybersecurity and provide key feedback to improve the overall cybersecurity posture.
  • Ability to research and develop solutions to emerging cyber threats.
  • Proficient with Microsoft Word, Microsoft Excel, OneDrive.
  • Self-starter with ability to work independently.
  • Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures.

Preferred Experience, Skills, and Abilities:

  • An active TOP SECRET clearance.
  • A CISSP (or CISSP Associate) certification, or an alternate qualifying certification satisfying DoD 8570.01M requirements for an Information Assurance Technician Level III or an Information Assurance Manager Level II.
  • Prior successful experience as an ISSM.
  • Prior experience with NIST 800-171, NIST 800-53 (both DIACAP 8500.2 and Risk Management Framework), and Continuous Monitoring and Risk Scoring (CMRS).
  • A college degree in computer science, info tech, info security, or a related field.
  • Experience working with the ELK stack.
  • Experience with Azure, AWS, or similar cloud environments.
  • Have experience with VMware or other virtualization software.
  • Python, PHP, Perl, PowerShell, or Bash scripting experience.
  • Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
  • Incident response and reporting experience.

For more info.: https://theucf.info/bTNLpu