Cybersecurity – Information System Security Manager (ISSM)

at  Boeing

At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing Classified Cybersecurity is currently seeking a highly motivated Cybersecurity – Information System Security Manager (ISSM) to join their team in Tukwila, WA or Kent, WA.
The selected candidate will rely on cybersecurity and Information Assurance (IA) background to be a technical leader and support Enterprise activities and Boeing customers throughout multiple classified computing domains. The ISSM is responsible for ensuring all Information System Security policies, standards, and directives are enforced to support assessment, authorization and continued operation of information systems processing classified information.

BASIC QUALIFICATIONS (REQUIRED SKILLS/EXPERIENCE):

• Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
• 3+ years of experience in utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS

PREFERRED QUALIFICATIONS (DESIRED SKILLS/EXPERIENCE):

• Bachelor’s degree or equivalent work or military experience
• 3+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
• 3+ years of experience with the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM) and Risk Management Framework (RMF) security processes

TYPICAL EDUCATION/EXPERIENCE:

Typically, 9 or more years’ related work experience or relevant military experience. Advanced degree (e.g. Bachelor, Master, etc.) preferred, but not required.

• Performs security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
• Leads and implements the Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems
• Facilitates development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acknowledgement Letters (RAL) and support Continuous Monitoring (CONMON)
• Oversees configuration management of assigned systems; auditing systems to ensure security posture integrity
• Leads staff with assessments and test/analysis data to document state of compliance with security requirements
• Conducts risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities
• Conducts periodic hardware/software inventory assessments
• Serves as organization spokesperson on advanced projects and programs
• Acts as advisor to management and customers on advanced technical research studies
• Interfaces with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
  This position is expected to be 100% onsite. The selected candidate will be required to work onsite at one of the listed location options. Limited telecommuting opportunity may be available.