Information System Security Manager

Key Role:

Support the Security Services Team Mid-Atlantic region, including DC, Northern and Southern VA, MA, and NY, by fulfilling the Information System Security Manager (ISSM) role and guiding others in the process of bringing IP Secret Data Node, the Secret Internet Protocol Router Network (SIPRNet), and Joint Worldwide Intelligence Communications System (JWICS) into Booz Allen facilities. Maintain responsibility for documenting System Security Plans (SSP), processes, and procedures; apply system security configurations; perform continuous monitoring; and request client authorization for firm-managed classified systems or networks, applying evolving US Government Risk Management Framework (RMF) security policy and guidance. Work independently and in collaboration with others, including providing regular updates to program management teams on project statuses and monitoring the activities of program system administrators to ensure all relevant system or network security procedures are followed. Ensure system or network auditing, virus scanning, patching, and hardware and software configuration management requirements are executed, as defined in client-approved system assessment documentation and policy. Document clear and concise compliance criteria and test cases required to validate compliance with RMF requirements and guidance from NIST, the intelligence community (IC), and DoD. Act as an advocate for all industrial security disciplines within the security program while ensuring business needs are met. Take independent action when appropriate, and be capable of determining when to escalate a challenge to leadership.

Basic Qualifications:

-4+ years of experience with supporting classified contractor or government authorized classified systems

-Experience with writing and submitting RMF documentation and artifacts in accordance with government Risk Management Framework (RMF) policy or guidance applied to secure client authorization of classified contractor managed systems

-Experience with hardening systems and using security tools, including SCAP, MBSA, McAfee, or HBSS

-Experience with the process of bringing SIPRNet and JWICS into contractor facilities

-Knowledge of US government Assessment and Authorization (A&A) processes

-Ability to work with a distributed team of professionals and to establish and maintain positive and effective work relationships

-TS/SCI clearance required

-BA or BS degree in CS, Information Systems Management, Cybersecurity, or Information Assurance

-Active Level III IAM Certification, as defined in DoD 8570.01-M or DoDD 8140

Additional Qualifications:

-Experience with eMASS or Xacta

-Experience with communications security (COMSEC), including using keying material

-Experience as a Windows Server or UNIX or Linux system administrator preferred

-Experience with virtual operating systems, WAN architecture, and hardening routers, switches, or other perimeter security technologies, such as firewalls or IDS solutions

-Experience with managing data spill cleanup actions

-Possession of excellent time management skills for working on multiple projects with specific completion time frames

-Possession of excellent oral and written communication skills

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
