ISSO (Information Systems Security Officer) Mantech International Corporation
Herndon, VA

Job Description

Secure our Nation, Ignite your Future

ManTech is seeking an Information Systems Security Officer (ISSO) who is a motivated self-starter that can take on a variety of task supporting multiple customers through the ICD 503 RMF process.

As the ISSO, you will work under the direction of the Information Systems Security Manager (ISSM). This is a multi-tasking environment that demands customer service, communication, and organizational skills. A successful candidate will be motivated, results-oriented and have a willingness to learn. The ISSO will maintain the operational security posture to ensure information systems (IS) security policies, standards, and procedures are established and followed.

Responsibilities will include, but are not limited to:

* Apply standards, directives, guidance and policies to classified computing environments.
* Ensure system security measures comply with applicable government policies, provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
* Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional.
* Develop and maintain the Plan of Action and Milestones and support remediation activities
* Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans
* Support Incident Response and Contingency activities
* Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner
* Promotion of Information Security awareness through various communication channels within the organization
* Ensuring the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
* Conduct Independent scans of the application, network and database with tools such as Nessus, DISA STIGS compliance check and SCAP (SCC)
* Maintain an inventory of hardware and software for the information system
* Responsible for directly or indirectly implementing, monitoring/auditing, and reporting compliance with security controls.
* Ability to research and address information security issues as required.
* Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A).
* Provides configuration management (CM) for information system security software, hardware, and firmware.
* Manages changes to system and assesses the security impact of those changes.
* Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports (RAR), A&A packages, and Security Controls Traceability Matrix (SCTM).
* Plans of Action & Milestones (PO&AMs) against IT systems to obtain and maintain system accreditation through the System Development Life Cycle (SDLC)
* Ad hoc duties as assigned.

Qualifications:

* Experience with JSIG rev 4, CNSSI 1253, ICD 503, NIST SP 800-53 Rev. 4, FIPS 140-2 and other customer directives and instructions, compliant system security plans, control implementation, system requirements, and test procedures
* Ability to recognize, adopt, use, and teach best practices in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, and incident response
* Provide direction and guidance to other employees with regard to computer security issues via security education and awareness, conduct Information Systems Security briefings, participate in self-inspections and audits, and investigate security incidents
* Experience with communicating system security plans and recommendations for control implementations to leadership, system security architects, infrastructure and software development teams, and testing engineers
* Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions. Professional demeanor, good people skills, ability to communicate effectively, and performs in a multi-tasked and dynamic environment. Work extra hours as required by program/customer needs
* Experience administering the system functions including security policies and account management of Microsoft Windows 10 and Server 2012/2016 operating systems. Familiarity with network architecture, desktop support, ports / protocols, encryption HBSS, EVSS etc.
* Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC).
* Experience with XACTA for security package compilation with the RMF steps 1-6 and manage the integration of security into the program
* Ability to work in a team environment as well as independently, demonstrate excellent problem solving abilities, be well organized, flexible, and self-motivated.
* Bachelor's degree in Computer Science, or related discipline (will consider experience in lieu of degree) and a minimum of 2 years of experience with ICD 503, RMF Process DOD8570.01M compliant certification (IAT Level II preferred)

Security clearance requirement:

TS/SCI with CI Polygraph

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.