Serve as organizational Information Systems Security Manager (ISSM) for classified networks and systems in DoD Healthcare computing.
Responsible for cybersecurity oversight and security compliance, and posturing of organization’s portfolio of information systems, networks, andPerform information system life cycle activities related to cybersecurity and IA, from managing RMF packages and ATO status, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification.
Maintain day-to-day security posture and continuous monitoring of IS including security event log review and ensure system security measures comply with applicable government.
Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
Maintain thorough understanding of NIST 800-53 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM).
Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented.
Oversee the monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Reviews regulatory security policies, as well as best practices, and develop the technical solution required in order to implement those requirements on servers, routers, firewalls and other LAN/WAN equipment.
Works with System and Network Administrators to monitor the security posture of all networked systems and applications and take appropriate steps to quickly deal with any
Provides system, network, security engineering expertise and guidance for all aspects of information assurance, including those systems required to meet DoD regulations.
Supports the year-round work of maintaining security posture to meet DoD RMF.
Ensures technical system documentation required for A&A packages are complete and clearly supports validation and ATO in accordance with system security.
Works with IA artifacts and tooling to including vulnerability testing and related network/system test tools, g. Retina, Nessus, STIG compliance checker, ACAS, Security Content Automation Protocol (SCAP), and more.
Creates, updates, and maintains templates, guidelines, checklists, presentations, and training guides in alignment with the RMF guidelines for the organization’s cybersecurity.
Review and comment on materials related to technical documentation and reports, cybersecurity policies and procedures, and planning.
Required Skills
REQUIRED SKILLS:
10+ years of relevant experience supporting system security authorization processes under RMF and previous regulations
3+ years of technical leadership experience
CISSP, CISSM, MSCE or equivalent certification required
Hands-on experience with IA artifacts and security penetration tools
Four-year college degree
Secret clearance required
Must meet DoD 8570 requirements
Required Experience
Qualifications
REQUIRED SKILLS:
10+ years of relevant experience supporting system security authorization processes under RMF and previous regulations
3+ years of technical leadership experience
CISSP, CISSM, MSCE or equivalent certification required
Hands-on experience with IA artifacts and security penetration tools