Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
Role and Responsibilities:
· Conduct Security Control Assessment Kick-off Meetings;
· Prepare the Security Assessment Plans;
· Conduct the Security Assessment Kick-off Meeting;
· Conduct Security Assessment via document examination, interviews and manual assessments;
· Analyze automated scan results;
· Populate the Requirements Traceability Matrix (RTM) with results of Security Assessment;
· Perform Risk Analysis;
· Create a Security Accreditation Report (SAR);
· Create a Plan of Action and Milestones (POA&M);
· Conduct Security Assessment Findings Meeting with the System Owner, ISSO and other system personnel as required.
· Requires 25% travel.
Qualifications and Education/Certification Requirements:
The successful candidate will have 3+ years of Security Assessment and Authorization experience and a Bachelor’s Degree is preferred. Must possess experience with NIST standards. This includes experience executing the full life-cycle of C&A activities including: defining the certification boundary, performing formal and technical risk assessments, developing and executing Security Test and Evaluation (ST&E) requirements, and developing Systems Security Plans (SSP) in accordance with federal and industry directives, guidelines, and best practices.
Technical writing experience (required):
· Security assessment reports
· Technical evaluation plans
· Technical reports for technical audience (System Admin, Network Admin, Database Admin, Application Developers)
· Technical reports for executive audience (System Owner, ISSO)
· Ability to translate tactical issues and address them from a strategic perspective.
· Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met.
· Awareness of current information security and privacy issues and the ability to interpret the requirements of relevant policies and standards set forth in OMB memoranda and NIST documentation, specifically, 800-37, 800-53A, FIPS-199/200, and 800-30.
· Ability to assess and weigh current and evolving security and privacy risks in an operational environment.
· Proven problem management skills with the ability to think critically. Must be able to leverage technology and apply critical thinking to gather, aggregate, and analyze data, and present results to senior clients.
· Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
· Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice.
· Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
· Demonstrate leadership and foster collaborative team approach – interacts well with front line and senior management providing consultation and expert advice on information security related topics.
· Effectively navigate political landscape and build and strengthen relationships at all levels to include other divisions and government vendor partners.
· Strong presentation and consulting skills.
· Must be able to develop meeting agendas and materials as well as facilitate meetings with the client.
Strong verbal and written communication skills are required. The ability to interact effectively with various levels of senior management is necessary. Candidates must possess strong client interfacing and interpersonal skills.
Requires Bachelor's degree or equivalent and five to seven years of related experience. Minimum of two years experience in technology/tools specific to the target platforms.
Preferred technical experience:
• Proficient in Windows and Linux operating systems
• Working knowledge of nmap scanning (Slow Scans, Service detection, OS detection, nmap Scripts)
• Working knowledge of web application scanning tools (Burp, Nikto, Zap) and interpreting results.
• Working knowledge of vulnerability scanners (Nexpose, Nessus) and interpreting results.
• Working knowledge of using Nipper (network infrastructure parser) for different network devices and interpreting results.
• Working knowledge of using database scanning tools (Appdetective, Scuba) and interpreting results.
• Ability to complete manual configuration review for different operating systems (Linux, Solaris, Windows XP, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2012) based on the CIS benchmarks.
• Ability to complete manual configuration review for different database servers (MySQL, MSSQL, Oracle) based on the CIS benchmarks.
• Ability to complete manual configuration review for web applications based on the OWASP and NIST guidelines.