Information Systems Security Manager (ISSM)

Boulder, Colorado, United States

Applications have closed
SciTec logo

SciTec

The world brings problems; SciTec builds solutions. Our team is committed to delivering cutting-edge advancements for defense, security, and civil affairs.

View all employer listings

SciTec, Inc. is a dynamic small business which delivers advanced sensor processing technologies and scientific instrumentation capabilities in support of national security and defense applications. We support customers throughout the Department of Defense and U.S. Government in building innovative new tools to deliver unique, world-class data exploitation capabilities.

SciTec has an immediate opportunity for a talented Information Systems Security Manager (ISSM) in our Boulder, CO office. The ISSM will be responsible the accreditation and administration of a secure computing environment, both leading the implementation of technical security controls and spearheading coordination with accrediting and assessing agencies. The ISSM will need to work well in a team environment with a commitment to ensure security awareness and techniques are communicated effectively across the workforce. SciTec is searching for a candidate who will thrive in an environment where they are both expected to take the initiative to solve problems and empowered to see problems through to their conclusion.

Requirements

DUTIES:

  • Leading the development, maintenance, and evaluation Information System (IS) security documentation, including System Security Plans (SSPs), Continuity of Operations Plans (COOPs), and Standard Operating Procedures (SOPs).
  • Conducting cybersecurity controls assessments in accordance with applicable regulatory guidance, including NIST 800-53, NIST 800-37, NIST 800-60, and DoD 8500.01. Managing Plans of Actions and Milestones (POA&M) originating from these assessments.
  • Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase.
  • Develop and execute a Continuous Monitoring program for information systems in accordance with NIST 800-53
  • Ensure that selected security controls are implemented and operating as intended during all phases of the Information System (IS) lifecycle and RMF process
  • Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.
  • Conduct required IS vulnerability scans according to risk assessment parameters.
  • Continuously evaluating system security posture, identifying opportunities for improvement, and supporting the implementation of these improvements.
  • Supporting the local SciTec Facility Security Officer (FSO) in ensuring the physical protection of information technology systems, including supporting the deployment of physical security measures such as intrusion detection systems.
  • Contribute to Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171 which may include authoring policy and procedure, capturing artifacts, and working related projects.
  • Contributing to other corporate security and information assurance activities throughout the company with System Administrators, Security, and other stakeholders.
  • Successful candidates will have strong written and communication skills to maintain a relationship with government counterparts and other mission partners.
  • Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner
  • At least two years serving as an ISs Security Officer or Manager at a cleared facility.
  • Familiarity with the use and operation of DISA SCAP and STIGViewer tools
  • Is technical lead for the Risk Management Framework (RMF) package creation and compliance.

REQUIREMENTS:

  • Must be a U.S. Citizen.
  • Candidates must have an active Secret government security clearance.
  • 2 years of experience specifically supporting the administration of government or contractor information technology systems under the oversight of the DoD or the Intelligence Community.
  • 4 year degree in Information Technology, Cybersecurity, Computer Science or other related field
  • Must have experience with Windows/Linux based troubleshooting; understand where to locate specific log files for forensics.
  • Ability to evaluate effectiveness, suitability, survivability, and interoperability of systems, relating to cybersecurity and provide key feedback to improve the overall cybersecurity posture.
  • Ability to research and develop solutions to emerging cyber threats.
  • Proficient with Microsoft Word, Microsoft Excel, OneDrive.
  • Self-starter with ability to work independently.
  • Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures.

PREFERRED EXPERIENCE, SKILLS, AND ABILITIES:

  • An active TOP SECRET clearance.
  • A CISSP (or CISSP Associate) certification, or an alternate qualifying certification satisfying DoD 8570.01M requirements for an Information Assurance Technician Level III or an Information Assurance Manager Level II.
  • Prior successful experience as an ISSM.
  • Prior experience with NIST 800-171, NIST 800-53 (both DIACAP 8500.2 and Risk Management Framework), and Continuous Monitoring and Risk Scoring (CMRS).
  • A college degree in computer science, info tech, info security, or a related field.
  • Experience working with the ELK stack.
  • Experience with Azure, AWS, or similar cloud environments.
  • Have experience with VMware or other virtualization software.
  • Python, PHP, Perl, PowerShell, or Bash scripting experience.
  • Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
  • Incident response and reporting experience.

Benefits

As a small business, SciTec, Inc. offers room for growth and a flexible, fast-paced work environment. We work daily to develop one-of-a-kind solutions for challenging national problems. SciTec encourages collaboration across our offices in Boulder, El Segundo, Dayton, Huntsville, Virginia, and our headquarters in Princeton, and provides access to opportunities across the corporate spectrum. Initiative is expected and encouraged, all employees have the opportunity and flexibility to broaden their technical horizons, and our daily work makes an impact on the world around us. SciTec offers a highly competitive salary and benefits package, including a variety of benefits including health insurance, parental leave, vision, life, and disability insurance, 401(k)plan with employer contribution, holidays and paid time off plans (including vacation and sick time), an annual profit-sharing plan, and an annual performance bonus plan. The salary range for this position is $83,000 to $130,000; however, SciTec considers several factors when extending an offer of employment, including but not limited to, the role and associated responsibilities, a candidate’s work experience, education/training, and key skills. This is not a guarantee of compensation. SciTec is committed to hiring and retaining a diverse workforce and is proud to be an Equal Opportunity/Affirmative Action employer.

Tags: AWS Azure Bash CISSP Clearance Cloud CMMC Compliance Computer Science DIACAP DoD DoDD 8570 ELK Forensics Governance Incident response Intrusion detection Linux Log files Monitoring NIST Perl PHP PowerShell Python Risk assessment Risk management SCAP Scripting Security Clearance System Security Plan Top Secret Top Secret Clearance UNIX VMware Vulnerability scans Windows

Perks/benefits: Competitive pay Flex hours Flex vacation Health care Insurance Parental leave Salary bonus Team events

Regions: North America South America
Country: United States
Job stats:  4  0  0
Category: Leadership Jobs

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.