Electronic Consulting Services, Inc (ECS Federal)
Information System Security Manager (ISSM)
Electronic Consulting Services, Inc (ECS Federal), Arlington, Virginia, United States, 22201
Job Description
ECS is seeking an Information System Security Manager (ISSM) to work in our Arlington, VA office.
ECS is seeking an experienced and highly motivated Information System Security Manager (ISSM) to support a team responsible for ensuring cybersecurity for an SIPR production network within the DoD community.
This role will oversee and ensure security compliance with Department of Defense policy of ECS Federal networks. The ISSM will work closely with the Defense Contractor Security Agency (DCSA) and the Defense Information Security Agency (DISA) to ensure the IS stays in compliance with applicable policies and oversight.
The ISSM will lead the preparations and interactions with the government for system security assessments and ensure the IS maintains its Authority to Operate (ATO). The ISSM will manage the implementation of security policies, conduct risk assessments, manage security controls, and Plan of Actions and Milestones (POAM). The ISSM is expected to advise senior management on cybersecurity issues, communicate security risks, and collaborate with technical teams and other stakeholders. The successful candidate is able to multitask; assume ownership and accountability of risks, issues, and tasks; and successfully manage and resolve those risks, issues, and tasks to completion. The successful candidate is also able to work well in a team-oriented environment; self-manage his/her own tasks; and provide hands‑on guidance, direction, and mentoring to the technical team. Finally, the successful candidate is extremely well-organized, well written, has a keen eye for detail, and can clearly articulate information (both orally and in writing) to customers, stakeholders, peers, and leadership within and external to the Program and organization.
Responsibilities:
Implement and manage secure network architectures, customer information security (IS) requirements, operational concepts, and security authorization plans and procedures for assigned programs in compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, the NIST Risk Management Framework SP 800-37 and CNSS Instructions – Committee on National Security Systems, the National Industrial Security Program Operating Manual (NISPOM), and the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM).
Apply technical expertise and have full knowledge of related disciplines by implementing technical solutions across various platforms.
Prepare and maintain security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM); participate in system categorization; active experience with the Enterprise Mission Assurance Support Service (eMASS).
Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
Provide cybersecurity oversight, guidance, and training to all general and privileged users.
Perform tasks related to the orchestration and compliance of Continuous Monitoring Plans (e.g., audit log review, security patching, software, and hardware configuration management).
Perform system auditing, vulnerability risk assessments, assured file transfers, data integrity containment and investigations on IA related security violations/incidents.
Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure all security features applied to a system are implemented and functional.
Advise appropriate senior leadership or authorizing official of changes affecting the IS’s cybersecurity posture.
Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
Ensure that Plans of Actions and Milestones (POAM) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
*This is a hybrid role and requires at least 3 on-site days in office.
Required Skills
Active DoD Top Secret clearance with the ability to obtain a TS/SCI
A Bachelor’s or Master’s degree in Computer Science, Information Systems, Engineering, or similar field
5 years of experience in information technology, cybersecurity, and security assessments providing leadership, guidance, and oversight of security concepts, performing security risk assessments and security architecture reviews, assessing architecture, software design, networking, virtualization, and cloud-based technologies/infrastructure
Hold current DOD 8570 IAM Level 3 baseline certification(s) (CISSP, CISA, etc.)
Demonstrate and articulate expert knowledge, understanding, and hands‑on experience with: DoD Information Technology best practices, DoD Cybersecurity best practices, DODI 8500.1, DODI 8500.2, and other information assurance (IA) guidance, Windows domain and Linux systems architectures, security/validation testing tools to include vulnerability scanners (Retina, Nessus), DISA STIGs, and DISA checklists
Solid experience in leading technical teams
Customer‑service focused at all times and career/growth‑oriented
Strong written and verbal communication skills for reporting and coordinating with different levels of an organization
Team oriented personality
Desired Skills
Securing a public cloud environment (AWS, Google Cloud Platform or Azure)
Building software utilizing public cloud (AWS, Google Cloud Platform or Azure)
Utilizing Agile methodologies
Software Security Architecture
Application Security – Nutanix
Threat Modeling
Penetration Testing, Certified Ethical Hacking (CEH), or Vulnerability Management
Trellix Endpoint Security
Continuous monitoring experience
Offensive or Defensive Security techniques
Artificial intelligence and machine learning systems
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid‑sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300 employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.