CSCI is seeking a well-qualified and self-motivated Information Systems Security Manager (ISSM) to support a Department of Defense (DoD) customer located in Arlington, VA. Candidates must have experience implementing and supporting infrastructures that meet and adhere to the controls defined in the DoD Intelligence Information System (DoDIIS) – Joint Security Implementation Guide (DJSIG) and the DoD Joint Special Access Program Implementation Guide (JSIG). Successful experience implementing and supporting the Risk Management Framework (RMF) as defined in the above directives is required.
All candidates require experience implementing and supporting Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) for Red Hat Linux and Microsoft Windows Server Operating Systems.
Daily activities include:
- Serve as an ISSM for multiple systems and ensure system processes are being followed by all personnel including privileged users.
- Create and maintain System Security Plans (SSP), Security Control Traceability Matrixes (SCTM), Plan of Actions and Milestones (POA&M), and all other RMF documentation required for supported systems.
- Review and evaluate RMF packages from outside organizations to provide inputs and recommendations to Authorizing Official (AO).
- Perform SCAP Compliance Checker (SCC) scans to ensure configurations are in accordance with latest DISA STIGs.
- Perform Nessus Security scans to ensure all known vulnerabilities are mitigated or documented within a system Plan of Actions and Milestones (POA&M).
- Interface with external entities regarding maintaining the Authorization of existing infrastructures.
- Perform system audits on multiple platforms and implement processes and technologies that help highlight anomalies that can be evaluated to ensure Confidentiality, Integrity, and Availability are not compromised.
- Maintain a strong security posture for all supported infrastructures.
The candidate requires the following:
- Excellent communication skills.
- Strong writing skills to create and review RMF documentation.
- Strong technical skills with Linux and Windows operating systems, along with an in-depth understanding of the RMF process.
- Ability to work effectively with others in a way that fosters and encourages a positive work environment.
Requires a minimum of 5 years of experience working as an Information System Security Officer (ISSO) or ISSM supporting the DCID, ICD 705, JDODIIS, JAFAN, DJSIG, and/or JSIG. Experience implementing and supporting RMF is required.
BA/BS or AA/AS in Information Technology, Cyber Security, or related discipline.