Information System Security Manager (Issm)

ECS is seeking an Information System Security Manager (ISSM) to work in our Fairfax, VA office.

Job Description:

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We focus on people, values, and purpose. Every day, our 3000+ employees provide their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.

We are a rapidly growing company that considers our employees and teams to be our most important assets. Our team environment provides opportunities for growth to individuals who are motivated to excel. We are situated in Merrifield, VA - well positioned for most commutes within the Northern Virginia area. We also offer opportunities for telework and have some of the most interesting and advanced IT business in the DC area. Our growing program works with the most forward leaning technologies and extraordinary customers who are thought and action leaders in within the AI/ML domain. We offer a highly competitive compensation and benefits package to the right person for this key position.

ECS is seeking an Information System Security Manager (ISSM) to work in our Fairfax, VA office.

Job Description:

ECS is seeking an experienced and highly motivated Information System Security Manager (ISSM) to work in a hybrid onsite/remote capacity in support a team responsible for ensuring cyber security for a IL6-P production network within the DoD community. This role requires comprehensive cyber security oversight and management. This is a demanding, high-energy position that requires innovative solutions to network, hardware, software and cyber security challenges, and demands excellent customer service and communication skills. The successful candidate is able to multitask; assume ownership and accountability of risks, issues, and tasks; and successfully manage and resolve those risks, issues, and tasks to completion. The successful candidate is also able to work well in a team-oriented environment; self-manage his/her own tasks; and provide hands-on guidance, direction, and mentoring to the technical team. Finally, the successful candidate is extremely well-organized, well written, has a keen eye for detail, and can clearly articulate information (both orally and in writing) to customers, stakeholders, peers, and leadership within and external to the Program and organization.

Responsibilities:

• Implement and manage secure network architectures, customer information security (IS) requirements, operational concepts, and security authorization plans and procedures for assigned programs in compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, the NIST Risk Management Framework SP 800-37 and CNSS Instructions - Committee on National Security Systems, the National Industrial Security Program Operating Manual (NISPOM), and the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM).

• Apply technical expertise and have full knowledge of related disciplines by implementing technical solutions across various platforms.

• Prepare and maintain security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM); participate in system categorization; Active experience with the Enterprise Mission Assurance Support Service (eMASS).

• Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.

• Provide cyber security oversight, guidance, and training to all general and privileged users.

• Perform tasks related to the orchestration and compliance of Continuous Monitoring Plans (e.g., audit log review, security patching, software, and hardware configuration management).

• Perform system auditing, vulnerability risk assessments, Assured File Transfers, data integrity containments and investigations on IA related security violations/incidents.

• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure all security features applied to a system are implemented and functional.

About You:

• You are a proven performer with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors.

• You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives.

• You have a desire to work in a very fast-moving and forward-leaning computing environment.

• You have a deep passion for securing computing platforms.

• You have a strong desire to continually learn about new technologies.

• You possess strong conceptual thinking and oral / written communication skills.

• You are able to work well with tight deadlines under minimal supervision.

• You maintain calmness and clarity of thought under pressure and demonstrate the ability to maintain confidentiality.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

Required Skills:

• US citizenship required per contract.

• Active Secret security clearance; Top Secret security clearance preferred.

• Ability to work in a hybrid, on-site/remote capacity in Fairfax, VA (~3 days in office).

• Bachelor's degree in Computer Science; Information Systems Management; or similar Science, Technology, Engineering and Mathematics (STEM) discipline.

• Current DoD 8570 compliant, IAT Level 2 certification (e.g., Security+, SSCP, CCNA-Security, etc.).

• Solid experience in leading technical teams.

• 5+ years of experience:

• Providing leadership, guidance, and oversight of Security concepts.

• Performing security risk assessments and security architecture reviews.

• With Architecture, software design, networking, virtualization, and cloud-based technologies / infrastructure.

• Demonstrative expert knowledge, understanding, and hands-on experience with:

• DoD Information Technology best practices.

• DoD Cybersecurity best practices.

• DODD 8500.1, DODI 8500.2, and other information assurance (IA) guidance.

• Windows Domain and Linux systems architectures.

• Security / validation testing tools to include vulnerability scanners (Retina, Nessus), DISA STIGs, and DISA checklists.

Desired Skills:

• Preference shown to candidates with:

• Masters degree in a STEM discipline.

• Active Top Secret security clearance with eligibility for (or current access to) Sensitive Compartmented Information (SCI).

• Current DOD 8570 IAM Level 3 baseline certification (CISSP, CISA, etc.).

• Hands-on experience with:

• Securing a public cloud environment (Azure preferred).

• Building software utilizing public cloud (Azure preferred).

• Utilizing Agile methodologies.

• Software Security Architecture.

• Threat Modeling.

• Penetration Testing, Certified Ethical Hacking (CEH), or Vulnerability Management.

• McAfee HBSS (ePO, HIPS, Anti-Virus, etc.)

• Continuous monitoring experience.

• Offensive or Defensive Security techniques.

• Artificial intelligence and machine learning systems.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.