Information System Security Manager
SteamPunk

Job Info

---

Overview

Steampunk is looking for you to join our HHS team as a Information System Security Manager. In this role you'll be working with other clients, contractors, and Steampunks to support mission critical systems. You'll be an imbedded team members with a system team and will be responsible for assisting and working with this team to identify cybersecurity threats to the sytem, making recommendations for corrective actions, and implementing solutions to keep mission critical systems safe and secure.
Contributions

The successful candidate has IT experience with NIST 800-37," Guide to Applying Risk Management Framework to Federal Information Systems," NIST 800-53rev4 "Security and Privacy Controls for Federal Information Systems and Organizations," NIST 800 160 "Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems." This candidate must be well versed in applicable laws and standards such as HIPPA and HITECH to implement secure applications, and networks. They must have familiarity and experience in the implementation of cyber security requirements to follow FISMA and FedRAMP guidelines.

Certifications:

CISM or CISSP or GSLC or or EC-Council Certified Ethical Hacker (CEH) • EC-Council Licensed Penetration Tester (LPT) Master • Infosec Institute Certified Penetration Tester (CPT)- Other technical certifications provided by a recognized provider will be considered.

Additional Details of the Role:

• Serve as a principal advisor to the Government on all matters, technical and otherwise, involving the security of an Information System (IS)
• Provide the detailed knowledge and expertise required to manage the security aspects of an IS.
• Maintain responsibility for the day-to-day security operations of the system.
• Conduct Security Assessments and support
• Security Control Validation Visits
• Secure Configuration and Change management
• Event Management
• Account Management
• Vulnerability Management
• Security Incident Management
• POA&M Management
• Reauthorization, and Decommissioning
• Collaborate with the System Owner to maintain Approval to Operate (ATO), including the resolution of any Plans of Action & Milestones (POA&M) documents
• Maintain and validate account and vulnerability management
• Develop and provide update System security Plans (SSPs) and supporting documentation (e.g. SECONOPs, diagrams, Privileged User's Guide)
• Respond to any data calls
• Provide security design guidance and analysis to the project team throughout the RMF process
• Collaborate with the Information System Security Engineer (ISSE) in the design, build, and self-test of systems
• Perform reviews of technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommended mitigation strategies

Qualifications

• Bachelor's Degree or higher in computer science, electronics engineering, or other engineering or technical discipline and ten (10) years of experience is required, 3 years of management experience. An additional six (6) years' experience may be substituted for degree requirement.
• Excellent communication skills with executive leadership at a federal agency (GS-15 and above)
• Experience working with:
  • Networking concepts, protocols and security methodologies
  • NIST 800-53rev4, NIST 800-37; FISMA, and FedRAMP requirements
  • Resource management principles and techniques to meet deliverables deadlines efficiently to provide quality products.
  • DISA Security Requirements Guides (SRGs), Security Technical Implementation Guide (STIGs), and Center for Internet Security (CIS) Benchmarks
• Demonstrated experiencing managing and leading small technical teams
• Must have technical knowledge using network security scanners, SCAP scans, vulnerability scanners, packet analyzers, and penetration testing methods.
• One or a combination of the following experience in administration/engineering of operating systems, database systems, and network systems
• Risk Management Framework RMF
• Expert technical knowledge of risk management, and information security concepts and technologies
• Experience with Cyber Security document management and familiar with security and privacy rules
• Excellent analytical and problem-solving skills
• Ability to facilitate and coordinate efforts with key government and non-government stakeholders
• Self-starter that can work under general direction in a highly collaborative, team-based environment
• Ability to obtain and maintain a Public Trust clearance
• Previous Government contracting work experience

About steampunk

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers - and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.

This job has expired.