Description & Requirements
ManTech seeks a motivated and customer-focused Information Systems Security Officer (ISSO) to support cybersecurity operations at Patuxent River, MD. This is an onsite position.
You will play a key role in helping to safeguard Department of Defense (DoD) information systems by supporting security control implementation, continuous monitoring, risk assessment activities, and compliance with cybersecurity policies and frameworks. This is a mid-level position ideal for professionals with a solid foundation in information systems security and hands-on experience in the DoD environment.
Responsibilities include but are not limited to:
Proposing, coordinating, implementing, and enforcing information system security policies, standards and methodologies
Performing vulnerability assessments using the Assured Compliance Assessment Solution (ACAS), Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), and the Security Content Automation Protocol (SCAP) Compliance Checker, incorporating automated Benchmarks
Implementing operating systems and network devices security configuration in accordance with Defense Information Systems Agency (DISA) approved Security Technical Implementation Guides
Performing security control continuous monitoring, security audits, risk analysis and developing mitigation strategies for DoD information systems
Identifying Common Criteria and National Information Assurance Partnership (NIAP) certified technologies and the DISA Approved Products List (APL)
Preparing certification letters and Memoranda of Agreement (MoA) with system owners for interface and networking implementations
Position may require flexibility in working hours
Minimum Qualifications:
Bachelor's degree in Computer Science, Information Systems Management, Engineering, or a related area of study preferred. If no degree is held, an additional 10 years of experience as an ISSO will be required.
Experience utilizing SolarWinds IT management products
Experience with auditing to include planning, fieldwork, and reporting findings.
5+ years of Information Systems experience with 5 years of Information Assurance/Cybersecurity (IA/CS) experience
5+ years of experience with Risk Management Framework (RMF) DoDI 8510.01
5+ years of experience with security controls and implementation delineated in Committee on National Security Systems Instruction (CNSSI) 1253 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, and the Joint Special Access Program Implementation Guide (JSIG)
5+ years of experience with performing vulnerability assessments using the Assured Compliance Assessment Solution (ACAS), Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), and the Security Content Automation Protocol (SCAP) Compliance Checker, incorporating automated Benchmarks
5+ years of experience implementing operating systems and network devices security configuration in accordance with Defense Information Systems Agency (DISA) approved Security Technical Implementation Guides
5+ years of experience performing security control continuous monitoring, security audits, risk analysis and developing mitigation strategies for DoD information systems
5+ years of experience identifying Common Criteria and National Information Assurance Partnership (NIAP) certified technologies and the DISA Approved Products List (APL)
5+ years of experience with Intelligence Community Directive (ICD) 705, DoDD 5205.07, and DoD 5205.07-M Volumes 1-4, Special Access Program (SAP) Policy, and the Joint Special Access Program Implementation Guide (JSIG)
Possess a DoD Approved Baseline Certification as Information Assurance Manager Level II in accordance with DoD 8570.01-M (i.e., CompTIA CASP+ CE, CISSP)
Clearance Requirements:
U.S. Citizen with an active U.S. Top Secret security clearance is required
This position may also require additional background screening for base access
Physical Requirements:
Must be able to operate a computer and other office productivity equipment, such as a calculator, copy machine, and computer printer.
Ability to remain in a stationary position for extended periods while working at a desk or computer.
Occasionally moves about the office to access files, network equipment, or attend meetings.
Frequently communicates with team members, managers, and clients; must be able to exchange accurate information in these situations.
May occasionally be required to lift and transport IT equipment weighing up to 25 pounds.
These requirements support a professional office environment in a cybersecurity-focused setting.