Chantilly VA, VA, US
109 days ago
Information Systems Security Manager
Welcome page Returning Candidate? Log back in! Information Systems Security Manager Job Locations US-VA-Chantilly VA Posted Date 3 months ago(7/25/2024 1:58 PM) ID 2024-3117 # of Openings 1 Category Security Engineering Job Title Information Systems Security Manager Overview

EverWatch is a government solutions company providing advanced defense, intelligence, and deployed support to our country’s most critical missions.  We are a full-service government solutions company. Harnessing the most advanced technology and solutions, we strengthen defenses and control environments to preserve continuity and ensure mission success.

 

EverWatch is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age (40 or older), disability, genetic information, citizenship or immigration status, and veteran status or any other factor prohibited by applicable law.

Responsibilities

We deploy systems and environments to conduct research and development, prototype, develop, and operate production capabilities used in the nation’s most critical missions. Our Chief Technology Office (CTO) is looking for a highly motivated Information System Security Manager (ISSM) to work with our Enterprise Cybersecurity team and System Owners to implement security and compliance governance.

 

You’ll bring your technical expertise in Cybersecurity to ensure our teams implement security controls, comply with security requirements, and to execute Continuous Monitoring. You’ll use your cybersecurity, software, and cloud expertise to work with teams on architecture and implementation of security controls. You’ll be a champion for security, act as a trusted advisor, and be able to rapidly understand system architectures and communicate technical security concepts to build and maintain a robust security posture.

 

Lead and implement the Assessment & Authorization process under the Risk management framework for new and existing information systems
Lead and plan for technology insertion by keeping up with new technologies and capabilities such as encryption, transport, networking, and routing, among other things
Review assessment reports and assist projects in identifying security risks (technical and non-technical) and developing effective mitigation strategies such as Plan of Action and Milestones (POAMs)
Support the development or modification of System Security Plans (SSPs), security requirements, and other supporting documents for the Assessment and Authorization process
Assist projects in determining their security requirements by analyzing project's business needs and help evaluate industry offering to identify products that meet security requirements
Provide security review and approval for changes to accredited systems, such as installation of new software and opening network ports, network architecture concepts, etc. 
Provide recommendations for security approval for devices being brought into Sponsor building
Provide feedback for sponsor computer incident team to resolve cyber incidents
Provide input to improve group processes by recording lessons learned, creating standard operating procedures
Ensure all products and administrative documentation is completed and maintained in order to ensure continuity and historical reference.

 

Qualifications

 

Qualifications:   

5+ years of experience in Cybersecurity, Information Security, Cloud, or Software Development, 10+ years qualifies for Senior level

Experience with DoD STIGs, CIS Benchmarks and configuration security frameworks

Experience developing, reviewing, maintaining System or Network Architecture Diagrams, System Security Plans (SSP), or Plan of Action and Milestones (POA&Ms)

Knowledge of traditional and modern web-based applications, software, networks, and architecture

Ability to manage schedule and tasks or milestones across multiple efforts and stakeholders

Ability to communicate technical concepts across team members of all levels up to executive or business leaders

Must have a TS/SCI with Poly

Experience as a security engineer on programs and contracts of similar scope, type, and complexity is required. Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required. DoD 8570.01-M compliance with IASAE Level 2 is required CISSP Certification is required.

  

Desired:   

Experience with RMF or GRC tools, including eMASS, Archer, or SNOW

Experience with compliance frameworks, including NIST 800-171/800-53, Risk Management Framework, FedRAMP, or CMMC

Experience with Cloud, AWS, or Azure

Knowledge of Cloud security, such as AWS and vulnerability management, including CVEs, Nessus, or CSPM, and application security, including CI/CD, SonarQube or Fortify, and Containers

Experience with web-application penetration testing or red and blue teams

Experience with CI/CD Security Gates, DevSecOps pipelines

Experience with deployment and operations of SIEMs, such as Elastic, or Splunk

Experience with Threat Intelligence and Detection Engineering

Possession of excellent oral and written communication skills, including presentation skills

Master's degree

 

Clearance Level TS/SCI polygraph Job Locations US-VA-Chantilly VA Skills ISSO, ISSE, Information Assurance, issm, Information Systems Security Manager Options Apply for this job onlineApplyShareEmail this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Application FAQs

Software Powered by iCIMS
www.icims.com

Confirm your E-mail: Send Email