Information Systems Security Manager IT IC Level 4 - DODIN
Lexington, MA

Job Description

Security Services

The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.

Job Description

Information Systems Security Manager (ISSM) - IT IC Level 4 (Collateral - DODIN)

The Information Systems Security Manager (ISSM) - IT IC Level 4 (Collateral - DODIN) will provide information systems security support to several independent MIT Lincoln Laboratory programs. This position is to lead information security of systems connected to Department of Defense (DOD) Information Networks (DODIN) such as SIPRNet, NIPRNet, and others.

The successful candidate will work independently, perform as a team leader and as a team member, must be a quick learner, self-motivated, reliable, and able to balance multiple tasks simultaneously. Candidate must have strong interpersonal skills and be able to manage stress in a professional manner. Candidate must be knowledgeable in computer security principles and policies, to include the Risk Management Framework (RMF), Security Technical Implementation Guides (STIGs), National Industrial Security Program Operating Manual (NISPOM), and Defense Security Service (DSS) Assessment and Authorization Manual (DAAPM). Candidate must have strong technical skills and be able to respond to off-hours emergencies. Position requires occasional local and overnight travel.

Core Responsibilities

* Oversee the IS security program and policies for the assigned area of responsibility
* Develop and maintain System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
* Manage the security configuration and advise changes to collateral classified systems and networks connected to the DODIN in a variety of traditional and virtual environments including Linux, Unix, Sun, Mac, and Windows
* Ensure system information is protected while operated, maintained, and disposed of in accordance with organization security policies and procedures
* Ensuring measures are taken to report, respond, and remediate IS incidents and spillages
* Advise system owners of current cyber security policies and concepts when designing, procuring, adopting, and developing systems throughout the system life cycle.
* Ensure audit records are collected and analyzed in accordance with the SSP
* Lead efforts to conduct network, system, and application vulnerability scanning, configuration assessment, risk assessment, continuous monitoring, and remediation
* Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures
* Implement an effective IS security education, training, and awareness program, to include providing training
* Lead efforts to prepare for and participate in periodic organization compliance assessments
* Ensure account management occurs and related documentation is complete and updated
* Ensure configuration management is documented (change tracking, maintenance logs, etc.)
* Serve as a voting member of the Configuration Control Board (CCB)
* Oversee assigned ISSOs to follow established IS policies and procedures.

Requirements

* Must have an existing Department of Defense (DoD) Top Secret security clearance
* Must be able to maintain Top Secret security clearance
* BS degree in Computer Science, Information Technology, Computer Information Systems, or related discipline is required
* A minimum of 8 years of IT security experience in DoD Industrial Security is required, leadership skills relevant to this experience preferred.
* Technical experience, skills, and additional course work completed towards a Graduate Degree, or industry IT certifications may be considered in lieu of DoD security experience requirements
* Possess a DoD 8570.01-M IAM II baseline certification, ISC2 CISSP preferred.
* Completing training identified in the DAAPM ISSM Required Training Table within one year of appointment.
* Familiarity of the NISPOM, DAAPM, DISA Policy STIGs, and NIST RMF is required.
* Experience and familiarity with multiple operating systems such as Windows Server 2012 and 2016, Windows 7 and 10, Red Hat Enterprise Linux, Ubuntu, Mac, etc. is preferred.
* Experience with virtualization technologies is preferred.
* Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is required
* Demonstrated experience with vulnerability scanning and auditing tools and processes is required
* Excellent written and verbal communication skills are required
* The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information

For Benefits Information, click http://hrweb.mit.edu/benefits

MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.

Requisition ID: 26406