Issm

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: 15 hours ago

Vacancies: 1 Vacancy

Job Summary

ClearFocusTechnologiesa HUBZone certified company is located inLeesburg specialize in cybersecurity and support multiple government and commercial clientsfora variety our clients integrity and employees and believe a single person can make a difference!

We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their provide an excellent benefit package which includesmedical dental vision paid time off401(k)paid professionaldevelopment reimbursementand more!

Primary Responsibility
Serve as the Information System Security Manager for classified and unclassified environments. Responsibilities include:

Perform technical security activities to include:
- Assessment of security architectures.
- Work with FIE ISSO/ISSM to determine security categorization and overlay requirements for all information systems
- Conduct security controls testing review test results from FIE SAR
- Review network scans apply search or sort policies to determine remediation efforts
- Prepare Body of Evidence (BOE) documentation
Manage ISSO efforts with respect to established duties
Serve as Derivative Classifier.
Read interpret and implement IA regulations and requirements; develop and maintain managerial operational and technical IA skillset.
Comment on new ODNI/NIST standards / regulations as applies to client environment
Review C&A/A&A documentation (BOE) from FIE SSP to assure consistency as well as compliance to ODNI requirements. Support development of Contingency Plan Incident Response Plan and Configuration Management Plan
Employ best practices when implementing security requirements within an information system including. Assure that new applications incorporated into the infrastructure have tested developed code against established vulnerability areas of concern as reported by SANS/ OWASP etc.
Manages extensive evaluations of major information security networks prepares evaluation reports and presents recommendations. Conducts trade off analyses of products for clients to determine optimal informant security solutions.
Prepares remedial options and supervise correction of information security shortfalls.
Manage maintain and ensure successful implementation of Certification and Accreditation program.
Ensure products and services comply with all appropriate (ITSEC) certification & accreditation requirements and best practices as prescribed by the ODNI local authorities.
Analyze scan results and document findings for products as required to successfully complete Collateral and SCI-level security certification testing and evaluation (ST&E) as appropriate for the product.
Prepare Security documentation in support of project tasks and as tasked for approved project requirements which support successful completion of Collateral and/or SCI-level security testing and evaluation (ST&E) appropriate for the product including but not limited to Authority of Operated (ATO) Authority to Test (ATT) Memorandum of Understanding (MOU) and Interconnection Security Agreements (ISA).
Prepare certification letters describing report security test results and findings.
Assure that Personal Electronic Devices are properly configured for ingress into the SCIF and review for data acquisition/retention upon SCIF egress.
Update PED documentation as required
Develop/Update training material include refresh training role specific training task specific training.
Respond to cyber incidents as defined in Incident Response SOP.

Principle interface to IC-SCC with respect to incidents forensic review and conclusion of investigation of all cyber related events.

Primary Skills Required

12 years information assurance experience providing system and network security engineering support system and network architecture IT communications and/or Network communications support such as: Network administration system administration programming applications support computer operations customer support and equipment support.
10 years technical experience effectively provided network and/or system administration information assurance security testing and evaluation
Candidates must have CISSP CISA or CISM and be familiar/proficient in all security domains.
Candidates must have minimum of 5 Years of C&A experience with DCID 6/3 ICD-503 and/or NIST Framework.
Candidates must have the following experience and knowledge:
Knowledge of the IC and national level system security initiatives and secure Information/Local Area Network (LAN)/Wide Area Network (WAN) technologies.
Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
Possess the ability to communicate in written and oral form. Publication or presentation experiences a plus.
Possess experience working with CNSSI and NIST 800 series publications standards.
Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.

Primary Skills Desired

Possesses experience supporting the Intelligence Community (IC) including one of the following:
Air Force Intelligence
Army Intelligence
Central Intelligence Agency
Coast Guard Intelligence
Defense Intelligence Agency
Department of Energy
Department of Homeland Security
Department of State
Department of the Treasury
Drug Enforcement Administration

Primary Responsibility
Serve as the Information System Security Manager for classified and unclassified environments. Responsibilities include:

Perform technical security activities to include:
- Assessment of security architectures.
- Work with FIE ISSO/ISSM to determine security categorization and overlay requirements for all information systems
- Conduct security controls testing review test results from FIE SAR
- Review network scans apply search or sort policies to determine remediation efforts
- Prepare Body of Evidence (BOE) documentation
Manage ISSO efforts with respect to established duties
Serve as Derivative Classifier.
Read interpret and implement IA regulations and requirements; develop and maintain managerial operational and technical IA skillset.
Comment on new ODNI/NIST standards / regulations as applies to client environment
Review C&A/A&A documentation (BOE) from FIE SSP to assure consistency as well as compliance to ODNI requirements. Support development of Contingency Plan Incident Response Plan and Configuration Management Plan
Employ best practices when implementing security requirements within an information system including. Assure that new applications incorporated into the infrastructure have tested developed code against established vulnerability areas of concern as reported by SANS/ OWASP etc.
Manages extensive evaluations of major information security networks prepares evaluation reports and presents recommendations. Conducts trade off analyses of products for clients to determine optimal informant security solutions.
Prepares remedial options and supervise correction of information security shortfalls.
Manage maintain and ensure successful implementation of Certification and Accreditation program.
Ensure products and services comply with all appropriate (ITSEC) certification & accreditation requirements and best practices as prescribed by the ODNI local authorities.
Analyze scan results and document findings for products as required to successfully complete Collateral and SCI-level security certification testing and evaluation (ST&E) as appropriate for the product.
Prepare Security documentation in support of project tasks and as tasked for approved project requirements which support successful completion of Collateral and/or SCI-level security testing and evaluation (ST&E) appropriate for the product including but not limited to Authority of Operated (ATO) Authority to Test (ATT) Memorandum of Understanding (MOU) and Interconnection Security Agreements (ISA).
Prepare certification letters describing report security test results and findings.
Assure that Personal Electronic Devices are properly configured for ingress into the SCIF and review for data acquisition/retention upon SCIF egress.
Update PED documentation as required
Develop/Update training material include refresh training role specific training task specific training.
Respond to cyber incidents as defined in Incident Response SOP.

Principle interface to IC-SCC with respect to incidents forensic review and conclusion of investigation of all cyber related events.

Primary Skills Required

12 years information assurance experience providing system and network security engineering support system and network architecture IT communications and/or Network communications support such as: Network administration system administration programming applications support computer operations customer support and equipment support.
10 years technical experience effectively provided network and/or system administration information assurance security testing and evaluation
Candidates must have CISSP CISA or CISM and be familiar/proficient in all security domains.
Candidates must have minimum of 5 Years of C&A experience with DCID 6/3 ICD-503 and/or NIST Framework.
Candidates must have the following experience and knowledge:
Knowledge of the IC and national level system security initiatives and secure Information/Local Area Network (LAN)/Wide Area Network (WAN) technologies.
Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
Possess the ability to communicate in written and oral form. Publication or presentation experiences a plus.
Possess experience working with CNSSI and NIST 800 series publications standards.
Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.

Primary Skills Desired

Possesses experience supporting the Intelligence Community (IC) including one of the following:
Air Force Intelligence
Army Intelligence
Central Intelligence Agency
Coast Guard Intelligence
Defense Intelligence Agency
Department of Energy
Department of Homeland Security
Department of State
Department of the Treasury
Drug Enforcement Administration