Information System Security Manager/Officer (ISSM/ISSO)
ClearFocus Technologies, a HUBZone certified company, is located in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!
We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more!
We are currently looking for an Information System Security Manager/Officer (ISSM/ISSO) for a position in Herndon, VA. See below for more information:
TOP SECRET – Only fully adjudicated clearances are acceptable. Interim clearances will not be accepted.
SCI active or eligible.
U.S. Citizenship required to comply with government contract.
DUTIES AND RESPONSIBILITIES
Work with systems administrators to ensure that all information systems are operated, maintained, and disposed of in accordance with established security policies and practices.
Assist with security engineering design, implementation, and test support in all aspects of information assurance and information security (InfoSec) engineering at all stages of the systems development life cycle (SDLC) process.
Assess and mitigate system security threats/risks throughout the program life cycle and works with systems administrators to implement corrective action.
Assist with reviews and monitors security designs in hardware, software, data, and procedures.
Lead system certification and accreditation activities. Ensure secure systems operations and maintenance.
Conduct security engineering analysis, risk, and vulnerability assessment, etc. Maintain working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
Ensure that all system users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access to the IS.
Report all security-related incidents to the ISSM.
Initiate protective and corrective measures when a security incident or vulnerability is discovered.
Monitor system recovery processes and ensures the proper restoration of the IS security features.
Determine/analyze and decompose security requirements.
Assist with continuous reviews (self-assessments) to ensure compliance with program SSPs.
Ensure that configuration management (CM) for security relevant IS software, hardware, and firmware is documented and maintained.
Monitor and analyze security functional tests, security designs in hardware, software, data, and procedures.
Conduct user training and awareness activities.
Provide monthly/yearly inventory reports to government.
REQUIRED KNOWLEDGE SKILLS
Evaluate security solutions to ensure they meet security requirements for processing classified information.
Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
Maintain operational security posture for an information system or program. Provide support to the information System Security Manager (ISSM) for maintaining the appropriate operational IA postured or a system, program, or enclave.
Develop and maintain documentation for C&A in accordance with ODNI and DoD policies.
Develop and update the system plan and other IA documentation.
Provide configuration management for security-relevant information system software, hardware, and firmware.
Assist with the management of security aspects of the information systems and perform day-to-day security operations of the system.
Develop system security policy and ensure compliance.
Excellent verbal and written communication skills, interpersonal and critical thinking.
Possess a commanding knowledge of InfoSec development, testing, implementation, deployment, and accreditation of a variety of current information systems.
Practical knowledge of all aspects of information security.
Bachelor’s Degree and 8+ years of experience (13+ years of experience in lieu of degree).
Experience in information technology server/desktop infrastructure, network administration and architecture, computer operations and/or telecommunications areas.
Network Administration experience is strongly desired.
Knowledge and experience with SPLUNK is desired.
Certified Information Security Professional (CISSP) and/or Security+ certification would be a huge plus.