Cyber Security Information Systems Security Manager (ISSM)

Employer: CACI
Location: Alexandria, VA, United States of America
Posted: Nov 23, 2022
Closes: Dec 23, 2022
Ref: 270543
Function: IT
Hours: Full Time
Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: Secret

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Local

What You'll Get to Do

CACI is seeking an Information Systems Security Manager (ISSM) cyber security professional to join our team supporting a Department of Defense (DoD) client. If you are looking for your next career challenge with a highly skilled development team, CACI would like to speak with you. In this role, you will be the Cyber Security and Security Technical Implementation Guidelines (STIG) subject matter expert. As a valued member of the team, you will work with the team to ensure that any network or application within the client's purview desiring connectivity to the client's cloud computing environment meets all security requirements and specifications according to DoD Instruction 8510.01, Department of Defense Risk Management Framework (RMF).
  • Manage extensive security evaluations of information systems and networks and the remediation of security control weaknesses, prepare evaluation reports, and present recommendations.
  • Conduct trade-off analyses of products for clients to determine optimal information security solutions.
  • Maintain a high level of familiarity with the major Federal Government information security policy guidance and directives.
  • Perform physical security tasks in accordance with DoD 5200.1-R, Information Security Program Regulation; Administrative Instruction 26, Information Security Supplement to DoD 5200.1-R; and Executive Order 12958 (as amended)
  • Provide ongoing security training to the client's on-site personnel
  • Ensure the physical environment of the computers and their terminals is properly secured and meets all Operations Security (OPSEC) requirements
  • Conduct structured walk-throughs based on Continuity of Operations Plans to ensure the integrity of the network's ability to reconstitute normal system functions, including reinstallation of applications after a catastrophic failure


More About the Role
  • Coordinate Assess and Authorize (A&A), Configuration Management (CM), and Release Management requirements for the client's systems in accordance with DoD Instruction 8510.01 RMF
  • Ensure each network or system is operated, maintained, and disposed of in accordance with DoD security policies and practices and System Security Plan
  • Ensure application, system, environment, or organizational changes do not have an adverse effect on the security posture of the system or on its security compliance and assessment
  • Determine the extent to which a system change may affect the security posture of either the information system or the computing environment, and ensure the implementation of such changes is documented in the Enterprise Mission Assurance Support Service (eMASS), System Security Plans, and site operating procedures
  • Review and approve Software Assessment Reports (SwAR), including code and application scans, for the inclusion of web-based IT products (Web Application Software) into accredited enclaves, and verify that the findings from completed code reviews have been addressed properly so as not to pose a threat to the network
  • Coordinate corrective actions for information assurance (IA) incidents identified by the customer's CSSP and ensure all security-related incidents are documented and reported to the AO and AODR. Capture incident metrics. Evaluate incidents for patterns to minimize future risk
  • Monitor and validate vulnerability postures in Assured Compliance Assessment Solution (ACAS), and ensure all systems comply with DISA Security Technical Implementation Guidelines (STIGs) and with CSSP HBSS requirements
  • Ensure no physical or operational security procedure conflicts with information systems security measures
  • Ensure approved Plans of Action and Milestones (POA&Ms) are in place for vulnerabilities that cannot be remedied at the time of the finding
  • Manage server and system/application IA requirements throughout the Software Development Lifecycle (SDLC)
  • Coordinate with the client's government-appointed Activity Security Representative (ASR) to support physical security for the primary office location


You'll Bring These Qualifications
  • A DoD SECRET level clearance must be obtainable/maintainable
  • Must have DoD 8570.01-M Information Assurance Workforce Improvement Program certification for IAM Level III (e.g., CISSP) or be able to obtain it within 6 months of starting the position
  • An understanding of the relationship between system controls and how they affect system security
  • A minimum of 10 years of monitoring system FISMA compliance using available workflow tools
  • A minimum of 10 years of using eMASS as a system certification and accreditation tracking tool
  • A minimum of 3 years of practical experience transitioning to and operating within RMF in DoD applications
  • Experience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptance
  • Operational knowledge of HP Fortify system vulnerability scanning tools, to include reviewing results of custom software security scans
  • Operational Knowledge of the VMS to include how to remedy Information Assurance Vulnerability Management (IAVM) findings
  • Experience as a subject matter expert of the DoD STIGs and DoD policies pertaining to DoD IT
  • Demonstrated experience developing accreditation documentation in a DoD environment, including:


These Qualifications Would Be Nice to Have
  • Experience with Azure
  • Experience with HP Fortify software application scanning tools
  • Familiarity with National Institute of Standards and Technology (NIST) directives
  • Certified in the use of ACAS, to include how to remedy Information Assurance Vulnerability Management (IAVM) findings
  • Certified in the use of McAfee ePolicy Orchestrator to manage DISA HBSS
  • Experience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptance
  • Operational knowledge of HP Fortify system vulnerability scanning tools, to include reviewing results of custom software security scans
  • Typically requires a bachelor's degree in Computer Science or equivalent and seven to nine years of related experience, or a minimum of 5 years of applicable experience in information assurance
  • CompTIA Security+ or CASP+ CE is a plus


What We Can Offer You:
- We've been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.
- For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.

Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

As a federal contractor, CACI is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.