Springfield, Virginia

Secure our Nation, Ignite your Future

Responsibilities of the ISSE include, but are not limited to:

  • Discover Information System Protection Needs through analyzing the Activity's mission; identifying legal and regulatory requirements; identify classes of threats; determining impacts against risk; identifying security services; documenting the protection needs; and identifying design constraints.
  • Define System Security Requirements by developing the system security context, Security Concept of Operations {CONOPs), and Security Requirements Baselines from the gathered Customer and Stakeholder requirements.
  • Design System Security Architecture by working with SEs in areas of functional analysis and allocation by analyzing candidate architectures, allocating security services, and selecting security mechanisms. The ISSE identifies components or elements, allocates security functions to those elements, and describes the relationships between the elements.
  • Develop Detailed Security Design by analyzing design constraints, analyzing trade-offs, generating detailed system and security design, with life-cycle support consideration.
  • Implement System Security from the hands-on approach to participation in a multidisciplinary examination of all systems issues that provides input to the Certification and Accreditation(C&A) process activities.
  • Assess Information Protection Effectiveness by focusing on the effectiveness of the information protection whether the system can provide confidentiality, integrity, availability, authentication, and nonrepudiation for the information it is processing that is required for mission success.
  • Evaluate Commercial off the Shelf (COTS} and Government off the Shelf (GOTS} technologies - systems, applications, and services -against the Activity's INFOSEC and Cybersecurity requirements and needs.
  • Conduct INFOSEC and Cybersecurity assessment testing and reporting in accordance with the RMF and NIST 800 53; identifies deficiencies and documents them as Plans of Actions and
  • Milestones (POA&Ms) and provides recommendations for solutions in line with best practices and security industry standards.

Position Qualifications:

  • Shall be Comp TIA Advanced Security Practitioner (CASP+) or ISC2 Certified Information Systems Security Professional (CISSP) (or Associate) certified.
  • Shall have 7 or more years of progressive experience successfully leading the employment of SSE techniques, methodologies, processes, and practices to securely architect, design, engineer, implement, test, validate, verify, and deliver a variety of enterprise-grade IT solutions across multi-platform (i.e., Microsoft and *nix based) information systems in a secure manner.
  • Shall have 5 or more years of progressive experiencing personally driving Customer and Stakeholder system security requirements gathering exercises to discover, capture, analyze, and decompose the information protection needs such that formal system security requirements can be developed.
  • Shall have 5 or more years of experience in ingesting INFOSEC and Cybersecurity risks and threats, categorizing and classifying the risk and threat, evaluating remediation and mitigation alternatives, proposing, and defending your recommendation, implementing the final remediation, and testing and verifying the implemented remediation/mitigation addresses the identified threat to a Customer acceptable level.
  • Shall have 5 or more years of experiencing with supporting SSE activities in secure processing environments which must adhere to U.S. Government (USG) Information Assurance and Security standards such as the Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs).
  • Shall have 3 or more years of hands-on experiencing using common INFOSEC and Cybersecurity tools in direct support of USG and Department of Defense (DOD) security and compliance efforts such as Tenable Nessus and Security Center, McAfee ePolicy Orchestrator (ePO), DISA's Security Compliance Checker (SCC) and Security Content Automation Protocol (SCAP) content.
  • Shall meet the minimum credential requirements for a Cyber IT/Cybersecurity Workforce (CSWF) position as defined in Section 6, Table 3.
  • Supports the A&E SEs in the implementation, testing, and operational control (OPCON) transfer of INFOSEC and Cybersecurity related solutions the Activity's respective IT Operations and Maintenance (ITOM) teams.
  • Support the Activity's IT Change Management process by performing technical reviews of proposed and planned changes from the context of INFOSEC and Cybersecurity to identify risks and threats and support the remediation or mitigation prior to implementation.
  • Provides SME consulting services and escalated support to all aspects and groups of the Activity's IT organization, Stakeholders, and customer base in the specialty focus of SSE and Cyber Resiliency.
  • Provides mentorship and on the job training (OJT) to junior and/or lesser experienced personnel.
     

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.

Springfield, Virginia

ManTech was founded in 1968 to provide advanced technological services to the United States government. We began with a single contract with the U.S. Navy to develop war-gaming models for the submarine community. Over the years, our government's technology needs have increased dramatically in scope and sophistication, and we have grown to meet that challenge.

 

For more than 4 decades, we kept a careful eye on where emerging technologies were taking the government, and we developed the resources to master those technologies—by staying close to our customers and anticipating their needs, hiring talented professionals to propel us into the future, and acquiring companies with proven capabilities.

 

Today, we are a multi-billion-dollar public company that provides the innovation, adaptability, and critical thinking our government needs for success in defense, intelligence, law enforcement, science, administration, health, and other fields—throughout the nation and in many countries throughout the world. We are now applying the lessons learned in the unforgiving arena of national security to help the private sector protect networks and critical information.

Similar jobs