Apply on Employer Site

eTRANSERVICES · 10 hours ago

Information System Security Manager

United States

Full-time

Remote

Senior Level, Lead/Staff

8+ years exp

eTRANSERVICES is seeking an Information System Security Manager to oversee the security and compliance of the organization's information systems. The role involves managing vulnerability assessments, developing security documentation, and ensuring adherence to security protocols within the DoD's information systems.

AppsConsultingSoftwareWeb DesignWeb Development

No H1B

Security Clearance Required

U.S. Citizen Only

Hiring Manager

Erica Wagner

Responsibilities

Responsible for the application of STIGS to the network, servers, on-premise and cloud environments

Performs tasks including Cybersecurity Engineering, Information Assurance, vulnerability analysis, risk remediation, and the implementation of cybersecurity controls within DoD systems in accordance with military system specifications and DoD cybersecurity policies

Implements the DoD Risk Management Framework (RMF) supporting Assessment and Authorization (A&A) of DoD network environments. Position involves interviewing system owners and operators to elicit and complete system security plans (SSPs), information system contingency plans, policies and procedures and other relevant documentation

Compile and submit A&A packages for IA Security Control Assessor (SCA) review and assessment

Duties also involve ensuring the proper execution of Cybersecurity boundary defense techniques and various IA-enabled appliances such as firewalls, IDS, IPS, switches and routers

Testing includes automated test procedures, writing and executing automated test scripts, regression testing, and preparing test plans and reports

Use eMASS (Enterprise Mission Assurance Support Service), ACAS (Assured Compliance Assessment Solution) Security Center, evaluate STIG utilized for A&A management efforts to conduct analysis and secure systems

Must work collaboratively with system owners and operators to respond to SCA findings and identify, implement and document mitigating controls

Establish and maintain Azure cloud security governance by integrating DoD security policies with Azure management tools, ensuring compliance with DoD RMF requirements

Develop and manage Azure security baselines in accordance with DoD STIGs, leveraging Azure Policy and Blueprints to automate security compliance

Assemble and maintain comprehensive authorization packages for Azure-based systems, including all necessary artifacts for obtaining an Authority to Operate (ATO)

Maintain meticulous records of security practices and incidents within Azure, reporting to leadership to ensure transparency and compliance

Utilize Burp Suite for comprehensive vulnerability assessments of web applications and services

Develop and enforce standard operating procedures for regular security scanning with Burp Suite to identify and remediate security risks

Qualification

ACASRisk Management FrameworkSTIG applicationCybersecurity EngineeringInformation AssuranceVulnerability analysisAzure security governanceBurp SuiteDoD cybersecurity policiesIncident responseSecurity posture reportingTest plansCollaborationDocumentation

Required

Candidate must have active secret security clearance

Minimum of 8 year's work experience in the information security field

Minimum of a 4-year college degree in a related field

Meet DoD 8570.01M Baseline Certification Requirement and DoD Summary of IA Qualification Requirements: IAM Level II (Must possess one of the following certifications in good standing: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, or CCISO)