Information Systems Security Manager Principal at Modern Technology Solutions Inc
Dayton, Ohio, United States -
Full Time


Start Date

Immediate

Expiry Date

23 Jan, 26

Salary

0.0

Posted On

25 Oct, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

DoD Risk Management Framework, Cybersecurity Policies, System Security Plans, Vulnerability Assessment, Security Assessments, Compliance, Cybersecurity Guidance, Stakeholder Collaboration, SAP, SCI, Continuous Monitoring, Technical Documentation, DevSecOps, Log Management, SIEM Tools, NIST Regulations, Air Force Form 1067

Industry

Space Research and Technology

Description
Support all phases of the DoD Risk Management Framework (RMF) lifecycle, from system categorization and security control selection to implementation, assessment, authorization (ATO), and continuous monitoring. Develop, review, and maintain comprehensive Authorization to Operate (ATO) packages, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), vulnerability assessment reports, and other supporting documentation. Conduct thorough system evaluations and security assessments to identify vulnerabilities, assess risks, and ensure compliance with DoD, USAF, and NIST regulations and policies. Develop, write, and update cybersecurity policies, procedures, and guidance documents to maintain a strong security posture for organizationally maintained systems. Provide cybersecurity guidance and support to development environments. Collaborate effectively with various stakeholders, including Security Control Assessors (SCAs), Program Security Officers (PSOs), Special Security Officers (SSOs), Authorizing Officials (AOs), and their designated representatives. Support the secure operation of information systems across various classification levels: Special Access Programs (SAP), Sensitive Compartmented Information (SCI), Secret, and Controlled Unclassified Information (CUI) environments.

Experience: Minimum of ten (10) years of progressive experience in DoD cybersecurity to include direct support of SAP and/or SCI environments.

Certifications: Possess at least one of the following baseline certifications, meeting DoD 8570.01-M / 8140.03 IAT Level II or IAM Level I/II requirements: CompTIA CASP+, GIAC Certified RMF Practitioner (CGRC) / ISC2 Certified Authorization Professional (CAP), or equivalent.

In-depth understanding and practical experience with the DoD Risk Management Framework (RMF) process. Strong knowledge of DoD, USAF, and NIST cybersecurity regulations, policies, and guidelines, including the Joint Special Access Program (SAP) Implementation Guide (JSIG). Experience with system evaluations, vulnerability management, and security posture assessments. Proficiency in writing clear, concise, and comprehensive cybersecurity policies, procedures, and technical documentation. Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related technical field. Advanced cybersecurity certification such as CISSP, CISM, or equivalent (meeting IAM Level III requirements). Familiarity with obtaining L-Numbers for system authorizations. Experience with Air Force Form 1067, Information Technology Network Request (ITNR) processes for system changes. Understanding of DevSecOps environments and Continuous Integration/Continuous Delivery (CI/CD) pipelines. Familiarity with log management and SIEM tools.
Responsibilities
Support all phases of the DoD Risk Management Framework (RMF) lifecycle, including system categorization, security control selection, and continuous monitoring. Develop and maintain comprehensive Authorization to Operate (ATO) packages and conduct thorough system evaluations to ensure compliance with relevant regulations.