Information Systems Security Manager (ISSM)

Own Your Future.

Modern Technology Solutions, Inc. (MTSI) is seeking an Information System Security Manager (ISSM) with a Top Secret Clearance in Dayton, Ohio.

Why is MTSI known as a Great Place to Work?

• Interesting Work:  Our co-workers support some of the most important and critical programs to our national defense and security.  
• Values: Our first core value is that employees come first.  We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry. 
• 100% Employee Ownership: we have a stake in each other's success, and the success of our customers.  It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year.  
• Great Benefits - Most Full-Time Staff Are Eligible for: 
• Starting PTO accrual of 20 days PTO/year + 10 holidays/year
• Flexible schedules
• 6% 401k match with immediate vesting
• Semi-annual bonus eligibility (July and December)
• Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement account
• Up to $10,000 in annual tuition reimbursement
• Other company funded benefits, like life and disability insurance
• Optional zero deductible Blue Cross/Blue Shield health insurance plan
• Track Record of Success:  We have grown every year since our founding in 1993

Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance.

MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.

For more information about MTSI, please visit www.mtsi-va.com.

Responsibilities:

• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
• Generate and maintain required Information System (IS) security documentation including Systems Security Plans (SSP), Information Assurance Standard Operating Procedures (IA SOP), Continuous Monitoring Plans, Security Control Traceability Matrices (SCTM), Risk Assessments, Plan of Action & Milestones (POA&M), equipment specifications, practices and procedures
• Assume Information System Security Officer (ISSO) responsibilities in their absence
• Maintain customer-required Information Assurance (IA) certifications
• Maintain day-to-day security posture and continuous monitoring of classified Information Systems
• Coordinate with customers on approval of external information systems/guest systems
• Schedule, perform and maintain records of required IS auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements
• Develop and conduct test procedures for verification of Authorization and Accreditation (A&A) and/or Risk Management Framework (RMF) safeguards to meet customer requirements based upon JSIG, ICD 705, NIST 800-53, NIST 800-53a, NIST 800-171 & CNSSI 1253
• Evaluate threats and vulnerabilities to determine the need for supplementary safeguards (e.g. architecture, firewall, data flow, network access, etc.)
• Employ customer-approved procedures for sanitizing and releasing system components and media
• Ensure all IS security-related documentation is current and accessible to properly authorized individuals
• Conduct periodic reviews to ensure compliance with SSP
• Be knowledgeable of and comprehend customer Security Classification Guides (SCG) to determine classified system requirements
• Enforce Configuration Management (CM) policies and procedures for authorizing the use of hardware/software on an IS
• Ensure configuration management for security-relevant IS software, hardware and firmware is maintained and documented
• Assess proposed changes to customer information systems, their environment of operation, and mission needs that could affect system authorization.
• Maintain a working knowledge of IS functions, security policies, technical security safeguards, and operational security measures
• Coordinate with Program Security Officer (PSO), Contractor Program Security Officer (CPSO) and/or Government SAP Security Officer (GSSO) to define, implement and maintain information security policies, strategies, and procedures Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
• Formally notify the appropriate individuals when changes occur that might affect accreditation
• Ensure the development, documentation, and presentation of classified IS security education, awareness, and training activities
• Provide mentoring and leadership to supporting ISSOs
• Familiarity with enterprise-level networks and Information Systems
• Knowledge of DevSecOps policies and procedures including Continuous Integration / Continuous Development (CI/CD) pipelines

Qualifications:

• Bachelor’s degree in Computer Science, Information Assurance, Information Security or related field. Desired Master's degree in Computer Science, IT Management, Cybersecurity or Information Assurance
• Six (6) years of experience working in an IA-related field
• Four (4) years of additional experience may be substituted for a bachelor’s degree
• CompTIA Security+ Certification
• (ISC)2 CAP - Certified Authorization Professional Certification
• Desired: (ISC)2 CISSP - Certified Information Systems Security Professional Certification
• Experience with A&A documentation and system authorization artifacts for Special Access Program (SAP) and Secure Compartmentalized Information (SCI) systems
• Knowledge of federal security requirements and mandates (e.g., RMF, Federal Information Processing Standards (FIPS), National Standards of Information Technology (NIST))
• Experience with security architectures, firewalls and network access
• Experience with risk managed downloads / Assured File Transfers (AFTs), IS sanitization and destruction, PEDs, contaminations, incident response, virus scanning, privileged user access, and hardware/software configuration management
• Excellent oral and written communication skills
• Strong customer service skills; being able to work with personnel across multiple disciplines of the organization
• Strong organizational skills and ability to manage multiple tasks concurrently
• Excellent time management, scheduling, and organizational skills
• Ability to work well independently as well as follow detailed instructions for completing tasks
• Working knowledge of development tools such as GitLab, Artifactory, JIRA & Sonarqube
• Must possess an active Top Secret security clearance. Duties will require unescorted entry and work within classified SAP and SCI facilities. 100% onsite in the customer’s facilities
• Desired to have 12 months or more of experience in a SAP environment within the last 5 years

Please Note: U.S. Citizenship is required for this position, due to contract requirements.

ADDITIONAL NOTES

• Travel: Position requires up to 10% travel to CONUS areas.

#LI-MS1

#MTSI