Information Systems Security Manager (ISSM)
Location: Washington, DC
Categories: Engineering
Req ID: 2022-6993
Potential to Telecommute: Yes
MTSI is seeking a SME level Information Systems Security Manager (ISSM) with a TS/SCI clearance and SAP eligibility to be responsible for information system security for an Air Force customer at Joint Base Anacostia-Bolling (JBAB) in Washington, DC, with travel up to 20%, as required by the Government. The individual shall apply knowledge of the fundamentals of information assurance and system security to support numerous projects and programs, maintaining adherence to Government security requirements and mandates.
The ISSM serves as the Program Office’s information security professional responsible for conducting information system security engineering activities that capture and refine information security requirements and ensure that network security requirements are effectively integrated into information systems.
At MTSI, our more than 1,300 co-owners recognize the high demand for specialized professionals within our industry and that you have many options to choose from. As an employee-owned company where culture matters, we believe that by investing in our people we are investing in our company’s future!
MTSI’s core capabilities are Systems Engineering and Integration, Modeling and Simulation, Test and Evaluation, Acquisition and Program Support, and Mission Assurance services. Our expertise includes ballistic missile defense, air defense, air vehicle survivability, unmanned aircraft, flight test operations, intelligence support, and cyber/space/homeland defense.
Recognized as an "employee comes first" company with over 27 years of consecutive growth, we challenge our co-owners to provide the highest level of support and service, and reward them with some of the best benefits in the industry. From day one, all new co-workers receive PTO accrual at a rate of 20 days, a 6% 401k match with immediate vesting, semi-annual bonuses, and eligibility to participate in our Employee Stock Ownership Plan (ESOP). We offer other employee-focused benefits, including up to $10k in tuition reimbursement and an optional zero-dollar-deductible BCBS health insurance plan.
For additional company information, please visit: www.mtsi-va.com
Duties to be independently executed include but are not limited to:
• Serve as the Information Systems Security Officer (ISSM) providing technical input, recommendations, and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations, and other pertinent guidance.
• Perform oversight of the Identity and Access Management (IAM) tasks as well as build RMF packages, as required for the program.
• Advise the relevant Security Offices concerning the impact levels for confidentiality, integrity, and availability for the information on customer information systems.
• Evaluate threats and vulnerabilities to customer information systems to ascertain the need for additional safeguards. Identify non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.
• Apply knowledge of IA policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments.
• Write authorization and accreditation (A&A) documentation and ensure the systems are operated and maintained in accordance with these security plans.
• Enforce the design and implementation of trusted relationships among external systems and architectures.
• Support security planning, assessment, risk analysis, and risk management for client systems and programs.
• Review and approve customer’s information system security assessment plan, which is comprised of the System Security Plan (SSP), the Security Control Traceability Matrix (SCTM), and the Security Control Assessment Procedures.
• Ensure security assessments are completed for customer’s information systems.
• Prepare the final security assessment report (SAR) which includes assessment results and findings at the conclusion of each security assessment activity.
• Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each customer information system based on findings and recommendations from the SAR.
• Evaluate security assessment documentation and provide written recommendations for security authorization to the Authorizing Official (AO).
• Develop recommendation for authorization and submit the security authorization package to the AO.
• Assess proposed changes to customer information systems, their operation environment, and mission needs that could affect system authorization.
• Provide relevant security architecting, design, development, and configuration of customer’s information systems.
• Provide inputs to development teams responsible for designing and developing organizational information systems and upgrading legacy systems.
• Recommend system-level solutions to resolve security requirements.
• Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
• Keep abreast of current and new security technologies and threats.
• Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures, or other options.
• Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.
• Identify overall security requirements for the proper handling of client data.
• Perform system or network designs that encompass multiple enclaves to include those with differing data protection/classification requirements.
• Provide support for presentations and other office documentation, as needed.
• Work on multiple networks across various classification levels, adhering to all security policies, procedures, and processes.
• Bachelor’s degree in engineering, computer science, networking, or programming.
• Experience with Risk Management Framework (RMF) certification packages.
• Active Top Secret security clearance, current within five (5) years.
• Certifications in one or more of the following: CompTIA Security+, GIAC Industrial Cyber Security Certification (GICSP), GIAC Security Essentials (GSEC), GIAC Cyber Security Leadership (GSLC), or ISC2 Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP).
• Minimum of 7 years of relevant DoD experience.
• Must be a team player and be able to work within all levels of a project team.
• Excellent time management, scheduling, and organizational skills.
• Ability to work well independently as well as follow detailed instructions for completing tasks.
• Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment.
• Demonstrated ability to shift from one project to another in a dynamic, agile work environment.
• Excellent oral and written communication skills and ability to clearly translate client technical needs into technical specifications.
Security Clearance: TS Required, SCI Eligible
• Experience working on DISA Security Technical Implementation Guide (STIG) implementation.
• Apply system security engineering expertise to various client programs/processes (e.g., system security design process, engineering life cycle, information domain and cross domain solutions, identification/authentication/authorization of commercial off-the-shelf and government off-the-shelf software employment, system integration, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, certification and accreditation process, principles of IA (confidentiality, integrity, non-repudiation, availability, and access control), security testing).
• Experience working on-site in a government client environment.
• Familiarity with security procedures while working in a SCIF/SAPF environment.
Please Note: U.S. Citizenship is required.
MTSI maintains an outstanding work environment that includes competitive compensation, outstanding benefits, the opportunity to be an employee-owner, and challenging work assignments with significant opportunities for advancement/career growth. To be considered for employment opportunities at MTSI, you must complete an online application.
EEO Statement: MTSI embraces nine core values including our first core value of Employees come first. Consistent with our Core Values, we are committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, military/veteran status, disability, or any other characteristics protected by law. MTSI is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with MTSI and need special assistance or accommodation to use our website or to apply for a position, please send an e-mail with your request to email@example.com. Determination on requests for reasonable accommodation is made on a case-by-case basis.
MTSI posts all open positions of employment here on our official website Careers page. MTSI Recruiters will always make direct personal contact with candidates by either speaking directly via telephone call, face-to-face video conference, or in-person, and will never conduct interviews or extend offers of employment via text or using messaging applications. If you believe you may be the victim of employment fraud, we encourage you to contact the Federal Trade Commission (FTC) through their website: reportfraud.ftc.gov.