Information Systems Security Manager ISSM - 96TSSQ

REQUIRED QUALIFICATIONS / SKILLS

• Masters Degree in applicable discipline, additional experience may be substituted for the degree.
• The ideal candidate will have 7-10 years’ experience as an ISSM (Information Systems Security Manager)
• Deep familiarity with Air Force specific weapon systems: This includes aircraft (fighters, bombers, tankers, ISR platforms, trainers, special mission aircraft), command and control systems, and related communication networks. They'd likely have in-depth knowledge of several specific systems.
• Understanding of the unique operational environments of these systems: This includes considerations for deployed operations, contested environments, and the integration of weapon systems with other military assets.
• Experience with the system security engineering lifecycle for DAF programs: They'd understand how security is integrated into the acquisition process, from requirements definition to testing and deployment.
  
• Must have or be able to obtain a DoD security clearance at the Secret level.

RESPONSIBILITIES

• The candidate shall provide advice and assistance services in support of the implementation of cybersecurity safeguards while developing, coordinating, and implementing short- and long-term strategies during acquisition program development
• They will perform, assess, write, manage, and/or maintain Authority to Operate (ATO) and Security Technical Implementation Guides (STIG) credentials while interpreting and integrating all applicable policies, instructions, and procedures according to appropriate Security Classification Guides (SCGs)
• Cybersecurity support will require certifications such as (but not exclusively) Security+, Network+, or Certified Information Systems Security Professional (CISSP).
• They will provide advice and assistance services by ensuring the confidentiality, integrity, and availability of classified ISs and data using Air Force approved network engineering practices, information security standards, approved industry best practices, and by employing approved new technologies.
• They’ll advise and assist the Government in performing initial and recurring Certification and Accreditations of systems or networks at the appropriate protection level as directed by the appropriate cognizant authority.
• Security Planning and Documentation: The ISSM develops and maintains essential security documentation, including:
  • System Security Plan (SSP): A comprehensive document that describes the security controls implemented on the system.
  • Security Assessment Report (SAR): Documents the results of security assessments and identifies any vulnerabilities.
  • Plan of Action and Milestones (POA&M): Tracks the progress of remediating vulnerabilities and implementing security controls.
• Assessment and Authorization (A&A): The ISSM plays a vital role in the A&A process, which is the process of obtaining authorization to operate (ATO) a system. This involves:
  • Preparing the system for security assessments.
  • Working with security assessors to identify vulnerabilities.
  • Developing and implementing corrective action plans.
  • Presenting the system to the Authorizing Official (AO) for approval.
  • Configuration Management: The ISSM ensures that the information system is configured securely and that all changes are properly authorized and documented.
  • Access Control: The ISSM manages access control to the information system, ensuring that only authorized users have access to sensitive data.
• Vulnerability Management: The ISSM identifies, assesses, and mitigates vulnerabilities in the information system. This involves:
  • Conducting vulnerability scans.
  • Applying security patches.
  • Implementing other security measures to protect against known vulnerabilities.
  • Collaboration and Communication: The ISSM works closely with other cybersecurity professionals, system administrators, program managers, and other stakeholders to ensure that the information system is secure.
• They need to communicate effectively with both technical and non-technical audiences.

What We Offer

• Competitive salaries
• Continuing education assistance
• Professional development allotment
• Multiple healthcare benefits packages
• 401K with employer matching
• Paid time off (PTO) along with a federally recognized holiday schedule

Who We Are

At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to “Be the Difference”. This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish, and our company continuously evolves.

We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what’s possible. We promote collaboration and empowering our teams is at the core of our success.

Be the Difference

Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC and Huntsville, AL with an additional 36 locations across the U.S.

Join Astrion and Be the Difference in your career and the world!

Astrion is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, or any other characteristic protected by federal, state, or local laws.