Senior Information Systems Security Manager (ISSM)

About The Position

Requirements

• BS degree in information systems or related technical field
• 10+ years information security experience with extensive RMF knowledge.
• Technical Knowledge: Expert knowledge of NIST 800-53, RMF process, DoDI 8510.01, eMASS system, classified network operations.
• DoD 8140 IAT/IAM Level I/II certification
• Understanding of common operating systems (Windows, Linux/Unix, Cisco IOS/NX-OS)
• Technical Knowledge: Expert knowledge of NIST 800-53, RMF process, DoDI 8510.01, eMASS system, classified network operations.
• Maintain authorization packages within eMASS including all required documentation.
• Good writing and verbal presentation skills.
• Customer focused, excellent communicator.
• Collaborate with ISSOs, SCAs, PMs, and other stakeholders by providing necessary guidance and clarifications
• Experience leading security projects and initiatives.
• Expert hands-on experience interrupting compliance and vulnerability scanning tool reports from (XACTA, STIGS, ACAS, Trellix (HBSS), and/or other vulnerability scanners)
• Knowledge of client, server, data storage, and networking technologies
• Manage multiple information systems requiring continuous authorization to operate, assessments, POA&M mitigation and remediation, Security Assessment Reports (SARs), System Security Plans(SSPs).
• Understanding of the requirements and standards for Cloud security
• Familiarity with DevSecOps principles and Secure Software Development Lifecycle (SSDLC)
• Ability to troubleshoot, assess root cause, and resolve technical issues
• Innovative with strong analytical, problem-solving, organization and interpersonal skills
• Self-motivated; able to work independently with minimal direction
• An active TS/SCI clearance is required
• Must have experience working with Special Access Programs (SAPs)

Nice To Haves

• Advanced degree in a technical field
• 9+ years of IT/security-related experience with recent ISSM experience
• Sec+/CASP/CISSP certification
• Software Development in Java, Python, Ruby and/or C++ knowledge
• Linux Expertise (RedHat/RHEL or CentOS preferred) knowledge.
• Prior experience with software scanning/static code analysis (e.g. Fortify, SonarQube)
• Prior experience with cloud and container security tools (e.g. Prisma Cloud/Twistlock, StackRox, Anchore)

Responsibilities

• Coordinating, executing, and managing cybersecurity assessment & authorization (A&A) related activities supporting IT hardware, software, and connectivity capabilities in support of intelligence data management and analysis requirements
• Provide advice and assistance on all things cyber security for customer-acquired development and systems maintenance projects, driving and monitoring system authorization status of segment components, authoring and coordinating related documentation
• Facilitate, perform, and manage actions necessary to maintain system and capability accreditation status consistent with DoDI 8510.01 (Risk Management Framework (RMF) for DoD Information Technology (IT)), including scanning, auditing, and authoring/coordinating security accreditation-related documentation
• Review and advise on security aspects of contracted maintenance deliverables and proposals
• Perform requirements analysis, design, and integration for complex software applications and collaboration infrastructures
• Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
• Write implementation and design documents describing how security features are implemented
• Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active Plans of Action and Milestones (POA&M)
• Present system maintenance, authorization status, and potential issues to various intelligence and acquisition community audiences
• Keep leadership aware of any roadblocks, issues, or concerns with system authorization status

Benefits

• KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule.
• We support career advancement through professional training and development.