SUMMARY

As the Information System Security Manager at Firefly Aerospace, you will play a critical role in ensuring all mission-critical systems and enterprise networks maintain rigorous compliance with national security and corporate mandates. This role operates at the critical intersection of cybersecurity policy and system engineering, focusing heavily on translating CNSSP-12 requirements into actionable engineering architectures. You will lead the information assurance strategy, manage the Risk Management Framework (RMF) life cycle per NIST SP 800-37 Rev. 2, and drive continuous compliance for corporate standards including CMMC and NIST SP 800-171. This position offers the opportunity to architect security compliance for advanced space systems and corporate infrastructure. You will report directly to Director of Cybersecurity and collaborate closely with security leaderships, systems engineers, and operations teams to embed security into the development life cycle and ensure our systems achieve and maintain full authorization.

RESPONSIBILITIES

Space Systems Engineering: CNSSP-12 Compliance

Translate complex CNSSP 12 (National Information Assurance Policy for Space Systems) mandates into measurable system engineering requirements and architectural constraints.
• Coordinate directly with system owners, space vehicle engineers, and DevOps teams to

embed security controls into the system development life cycle (SDLC).
• Lead the design and oversee the implementation of secure network architectures for

ground and space segments.
• Conduct security impact assessments, threat modeling, and risk assessments on

proposed space vehicle architectures and system changes.

Risk Management Framework (RMF) Accreditation
• Manage the full system life cycle accreditation processes under NIST SP 800-37 Rev. 2,

driving systems through the RMF to secure Authorities to Operate (ATO).
• Develop and maintain critical accreditation documentation, including System Security

Plans (SSPs), POAMs, and Security Assessment Reports (SARs).
• Provide regular status reports, continuous monitoring metrics, and compliance

briefings to senior management and government Authorizing Officials (AOs).
• Ensure system configurations continuously comply with DISA STIGs and DoD Security

Technical Implementation Guides.

Corporate Compliance; Security Operations
• Lead and manage the corporate-wide cybersecurity compliance initiatives, ensuring

strict adherence to CMMC Level 2+, NIST SP 800-171, and NIST SP 800-53 across

enterprise.
• Manage a diverse, multi-location Information Assurance team, setting goals, driving

accountability, and mentoring security personnel.
• Support incident response activities, ensure timely reporting to government

stakeholders (e.g., DCSA), and lead tabletop exercises to evaluate and improve cross-

functional readiness.
• Oversee red-teaming and penetration testing activities to uncover vulnerabilities and

ensure network resilience.

QUALIFICATIONS

Required:
• BS or MS degree in Computer Science, Cybersecurity, Information Technology, or a

related technical discipline. 4 years additional experience may be considered in lieu of a degree.
• At least 7 years of experience in information assurance, cybersecurity compliance, or

risk management within the aerospace, federal, or DoD contracting environment.
• Active CISSP, CISM, GSLC, or alternate qualifying certification satisfying DoD 8570.01-M

requirements for an Information Assurance Manager (IAM) Level III.
• Demonstrated expertise in applying NIST SP 800-37 Rev. 2 (RMF), NIST SP 800-171,

NIST SP 800-53, and FISMA standards.
• Proven ability to translate high-level policies (such as CNSSP-12) into technical

engineering requirements.
• Hands-on experience with DoD security tools (e.g., eMASS, ACAS, HBSS, SPRS).
• Exceptional leadership and communication skills to effectively interface with technical

and non-technical executive stakeholders.

Desired:
• Direct experience acting as an ISSM or Security Control Assessor (SCA) for space-based systems.
• Familiarity with satellite telemetry, tracking, and commanding (TT&C) encryption and security requirements.
• Hands-on experience executing a CMMC Level 2 implementation.
• Active clearance or ability to obtain and maintain clearance.
• Experience with requirements management platforms (e.g., Jama, DOORS) used in systems engineering.

Firefly offers outstanding benefits for our employees, including generous health, dental and vision plans with low plan deductibles, parental leave, educational reimbursement, short term disability, and flexible PTO options.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.