Senior Cyber Security Engineer/Information Systems Security Manager (ISSM)
Modern Technology Solutions, Inc. (MTSI) · Hanscom AFB, MA · 2 wk ago
Information TechnologyFull-time
Responsibilities
- Participate in acquisition meetings (PMR, PDR, CDR, etc.), concept of operation (CONOP) working groups, change boards, technical exchange meetings and other similar activities.
- Work between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level.
- Advises customer on Risk Management Framework (RMF) assessment and authorization issues.
- Develops and implements a security assessment plan.
- Performs risk assessments and makes recommendations to DoD agency customers.
- Advise government program managers on security testing methodologies and processes.
- Evaluate authorization documentation and provide written recommendations for authorization to government PM's.
- Develop and maintain a formal Information Systems Security Program.
- Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties.
- Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation.
- Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
- Develop and execute security assessment plans that include verification that the features and assurances required for each protection level function.
- Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents.
- Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system.
- Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements.
- Develop and execute an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security.
- Assess changes in the system, its environment, and operational needs that could affect the authorization.
- Achieve a valid Authorization determination for all authorization boundaries under your purview.
Requirements
- 12+ years' technical experience in cybersecurity, information technology with focus on cybersecurity implementations.
- Firm understanding of the DoD 8500.1-M, DoDM 5205.07, Volume 1, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53, Intelligence Community Directive (ICD) Number 503.
- Experience with EMASS, XACTA or equivalent RMF tools.
- PIT/Platform experience.
Qualifications
- Bachelor’s degree in engineering, computer science, cybersecurity, networking, or programming.
- In one or more of the following certifications: Certified Information Systems Security Professional (CISSP or CISSP-ISSEP/CISSP-ISSAP).
Certification Requirements
- Must meet position and certification requirements outlined in DoD Directive 8140 for Information Assurance Manager Level II.
Clearance Requirements
- Active Top-Secret clearance with SCI and SAP eligibility.
- SAP experience desired.