University of Washington
As a UW employee, you will enjoy generous benefits and work/life programs. For detailed information on Benefits for this position, click here. As a UW employee, you have a unique opportunity to change lives on our campuses, in our state and around the world. UW employees offer their boundless energy, creative problem solving skills and dedication to build stronger minds and a healthier world.
UW faculty and staff also enjoy outstanding benefits, professional growth opportunities and unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits and natural beauty. All of which has allowed the UW to be nationally recognized as a "Great College to Work For" for five consecutive years.
The Applied Physics Laboratory at the University of Washington (APL-UW) is a national center for advanced science and engineering research and development and education. APL-UW was formed in 1943 for the U.S. Navy to bring university research resources to bear on urgent WWII defense problems. APL-UW has developed an international reputation for its broad based programs in science, engineering and for designing, building, and deploying the advanced technology required to meet the research needs of numerous government and commercial sponsors. With modern facilities, equipment and over 350 talented researchers and staff, APL-UW provides a unique, dynamic work environment with many opportunities.
APL has an outstanding opportunity for a Information Systems Security Manager.
The University of Washington processes classified national security information in connection with its research contracts with the Department of Defense (DoD). To process classified national security information on a classified computing system, the University is required to appoint an employee to serve as the Information Systems Security Manager, or ISSM.
Reporting to the University of Washington Facility Security Officer (FSO), the ISSM coordinates with the FSO in managing all aspects of APL-UW's (and the University's) industrial security information systems security program, including but not limited to information system security operations, physical security as it relates to information systems security, compliance with federal policies and regulations, information systems security training, and other security issues as assigned.
Developing, implementing, and managing effective and efficient information system security practices that are compliant with continually evolving national security federal law, policy, regulations, and guidelines is the most complex requirement of this position. The incumbent continuously integrates information gathered from a variety of sources into APL-UW information systems security practices, coordinating with the FSO to ensure consistency as appropriate across the broad University's industrial security program. The incumbent efficiently manages APL-UW information system security resources while maintaining complete security compliance and effective systems. Ensures that information systems security projects are completed in a timely manner and within budget. Monitors and evaluates information system security plans, focuses on results and measuring attainment of outcomes. Ensures systems are compliant with federal requirements and that all users are properly following security procedures.
A successful security program enables the APL-UW to optimally conduct scientific research and to compete for future grants and contracts involving sensitive federal government information. Maintaining and enhancing classified computing systems is a key component of APL-UW's compliance portfolio. Furthermore, the incumbent may, upon direction of the FSO, act on matters concerning classified computing issues across the broad University.
The incumbent works with the APL-UW Information System Security Officers (ISSOs) in coordination with the University's FSO to ensure that the Laboratory's Secret Internet Protocol Routed Network (SIPRNet) enclave maintains compliance with Defense Information Systems Agency (DISA) requirements. The incumbent ensures that users are correctly following the security procedures. The incumbent remains available during core business hours to assist users, provide assistance with user accounts, monitor activity of the circuit, and troubleshoot and resolve networking issues. The incumbent configures, updates, and monitors SIPRNet network infrastructure devices consisting of routers, firewalls, intrusion detection/prevention components, and switches. The incumbent is responsible for the local Host Based Security System (HBSS) implementation and operation. The incumbent interfaces directly with the Computer Network Defense Service Provider (CNDSP) to provide support related to CNDSP subscription services. The incumbent will use tools authorized by the Defense Information Security Agency (DISA) to test the system, e.g. vulnerability scanner, Security Technical Implementation Guide (STIG) compliance checker, and antivirus. Maintains compliance records for SIPRNet network infrastructure devices using web based Continuous Monitoring and Risk Scoring (CMRS). Completes required and recommended training activities necessary to maintain technical proficiency and required certifications.
Classified computing systems
The incumbent ensures that all remaining non-SIPRNet classified computing systems are established/maintained in compliance with Defense Security Service (DSS) requirements, that users are correctly following proper security procedures, and that all classified information systems are properly secured. The incumbent works collaboratively with the FSO to develop, document and present information system security education, awareness and training; establish, document, implement, and monitor the industrial information systems security information systems program, ensuring compliance with federal policy and regulations; identify and document any unique information system security threats; conduct periodic information system self-inspections and coordinate corrective actions for all findings; conduct certification tests and certify to DSS that that all required information system protection measures are in place and provide the necessary protections; and other responsibilities described in applicable federal information system security requirement documents. The incumbent is responsible for ensuring weekly security checks of all accredited systems are completed. As necessary, the incumbent performs system administration functions for modern operating systems and applications, including but not limited to Microsoft Windows and Red Hat Enterprise Linux operating systems, such as installing and configuring operating systems, installing patches and updates, adjusting security controls to meet federal requirements, monitoring operation, and creating and managing system back-ups. The incumbent will ensure System Security Plans for all classified computing areas assigned to his/her responsibility are maintained.
Unclassified computing systems
The incumbent interacts closely with APL IT, the University's IT department, the UW's Computer Information Security Office (CISO) and other appropriate related internal and external entities concerning the security of unclassified computer systems at the Laboratory that are involved in projects involving the use, generation, storage and transmission of Controlled Unclassified Information (CUI). The incumbent participates in discussions and decisions involved in ensuring specified APL computational systems are in compliance with FAR, DFAR and other DoD directives involving security for unclassified systems.
Policy and procedure administration
The incumbent is available during core business hours to support users of classified computing systems by providing guidance and training on security policy, plans and procedures; performing system administrator functions; ensuring critical information is backed-up; and adding or removing classified systems. For all active users, the incumbent verifies the clearance and need to use the systems assigned to his/her responsibility annually.
Bachelor's Degree in Information Systems, Computer Science, Computer Engineering, or Information Security, or closely related discipline and at least six years of progressively responsible experience performing Information Assurance functions.
Certified Information Systems Security Professional (CISSP).
Must have a current Department of Defense (DoD) Directive 8140 baseline Information Assurance MGT II or MGT III Certification (GSLC or CISSP).
Ability to obtain and maintain a Department of Defense TOP SECRET personnel security clearance.
Equivalent education/experience will substitute for all minimum qualifications except when there are legal requirements, such as a license/certification/registration.
Bachelor's degree in Information Systems, Computer Science, Computer Engineering, or Information Security, or closely related discipline.
Additional, continuous, and recent years of experience in Cyber Security.
Current experience managing classified and unclassified information systems in accordance with DOD Risk Management Framework (RMF) methodology.
Current Single Scope Background Investigation (SSBI) resulting in a Top-Secret personnel security clearance.
Demonstrated ability to work independently, make critical decisions, and work effectively with all levels of the organization, plus:
* Ability to communicate effectively, both written and oral, with senior officials and with technical and non-technical audiences.
* Windows and Linux operating system experience, preferably with Computer Environment (CE) Certification (GCWN or GCUX)-certification must be obtained within six (6)
months from date of hire or appointment.
* Experience with NIST 800-53 standards.
CONDITIONS OF EMPLOYMENT:
May be subject to successful completion of E-Verify process.
The application process for UW positions may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process. These assessments may include Work Authorization, Cover Letter and/or others. Any assessments that you need to complete will appear on your screen as soon as you select "Apply to this position". Once you begin an assessment, it must be completed at that time; if you do not complete the assessment you will be prompted to do so the next time you access your "My Jobs" page. If you select to take it later, it will appear on your "My Jobs" page to take when you are ready. Please note that your application will not be reviewed, and you will not be considered for this position until all required assessments have been completed.
Committed to attracting and retaining a diverse staff, your experiences, perspectives and unique identities will be honored at the University of Washington. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable, and welcoming.
About University of Washington
University of Washington is an educational institution that provides undergraduate, graduate, and research programs.