Information System Security Manager - ISSM

Overview

Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.

• Lead and plan for new technology insertion by keeping up with new technologies and capabilities such as encryption, transport, networking, and routing, among other duties.
• Support the development or modification of System Security Plans (SSPs), security requirements, and other supporting documentation for the Assessment and Authorization process.
• Assist projects in determining their security requirements by analyzing project's business needs and help evaluate industry offerings to identify products that meet security requirements.
• Develop and implement test plans for commercial off-the-shelf (COTS) and custom developed systems.
• Collaborate with stakeholders to create and perform quality control on Sponsor's partners' RMF body of evidence documentation.
• Review assessment reports and assist projects in identifying security risks (technical and non-technical) and developing effective mitigation strategies such as Plans of Action and Milestones (PoAMs).
• Ensure the project completes mitigation strategies as scheduled to ensure timely delivery to customer.
• Provide security review and approval for changes to accredited systems, such as installation of new software and opening new ports, and determination of Security Relevant Changes.
• Provide security review of network firewall changes.
• Provide security approval for devices being brought into Sponsor Buildings.
• Provide feedback for Sponsor computer incident team to resolve cyber incidents.
• Provide input to improve group processes by recording lessons learned, creating standard operating procedures.
• Ensure all products and administrative documentation is completed and maintained in order to ensure continuity and historical reference.
• Ensure deliverables meet all relevant quality and security standards.
• Maintain the Rapid 7, AppDetective, and WebInspect scanning software, keeping them patched and accessible to AMO systems to meet the scanning requirements.

• Must possess and be able to maintain a TS/SCI clearance with Polygraph.
• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
• BS 10-12, MS 8-10, PhD 5-7
• The ability to analyze systems, including forensically, for malware, misuse and/or unauthorized activity.
• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cybersecurity-related concerns.
• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring and systems.

Desired Qualifications:

• Ability to provide technical cybersecurity guidance.
• Ability to convey technical information to non-technical individuals.
• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies.
• Ability to work in a dynamic and challenging environment.
• Demonstrated experience with the Sponsor's Authorization and Accreditation (A&A) process and the Project Management Framework.
• Demonstrated experience with the Sponsor's diverse information technology infrastructure including operating systems, major application systems, and network architecture.
• Demonstrated experience with: encryption technologies; operating systems; database technologies; networking, including the OSI model, and also including TCP/IP, MPLS, SONET, and Ethernet; routing, switching, firewalls, and data protection; cloud computing; information storage; virtual machine technology; cyber risks, exploits, vulnerabilities, and associated mitigations; conducting security reviews and assessments; information technology and a practical understanding of application, system, and network security best practices; information security policies; identifying and managing information security risks in an enterprise environment; and making reasoned, timely, and fact-based decisions, and conveying reasoning to customers and team members.
• Certified Information Systems Security Professional (CISSP).

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.