Engineering Support Personnel Inc
Information Systems Security Manager (ISSM) Engineering Support Personnel, Inc.
Engineering Support Personnel Inc, Orlando, Florida, us, 32885
ESP seeks a Full Time Information Systems Security Manager (ISSM) for our simulation and training work. This position is located at our corporate office in Orlando, FL. The ISSM is responsible for developing, maintaining and overseeing the cybersecurity of the contracts assigned to ESP.Minimum Requirements
United States citizenMinimum SECRET Security Clearance Required, eligible for Top SecretPossess a valid certification that meets or exceeds DoD 8140 basic foundational requirements for the ISSM work role, to include Security+, GSEC, CAP, CASP+, CCISO, CCSP, CISM, CISSP, Cloud+, SSCP or GSLC.Prior experience as an ISSO, ISSM or related DoD Cyber Workforce Role.Experience/EducationMinimum ten (10) years of Cybersecurity experience in secure network and system analysis, procedure/test generation, test execution and implementation of computer/network security mechanisms.Knowledge of applicable laws, regulations, guidance and policies as they relate to DoD cybersecurity and SAPs (e.g., DoDI 8510.01, JSIG, DoDM 5205.07, NIST SP 800 series).Familiarity with modern DevSecOps software tools centered around open-source software.Possess strong written and verbal communications, interpersonal relations, organizational, troubleshooting, and analytical skills.Extensive operational knowledge of vulnerability management tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP) and Security Technical Implementation Guides (STIG).Extensive knowledge of CS methods, principles and governance to ensure the secure integration, operation and maintenance of all complex training system computing, networking and enclave environments.Working knowledge of CS instructions and practices (e.g., DoDI 8570.01-M series– Information Assurance Workforce Improvement Program; CJCSM 6510.01 series- Defense-In-Depth: Information Assurance (IA) and Computer Network Defense (CND); DoD 8570.01M; and DoDI 8500.1 Cybersecurity).Typical responsibilities of the ISSM include:Ensure all applicable cybersecurity policies, plans and procedures are followed at Corporate and ESP field sites.Ensure required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.Support the development and maintenance of cybersecurity related plans, procedures and guidance.Monitor and recognize non-compliance, suspicious and anomalous activity (i.e., threats), and effectively report such activity and associated risks to the appropriate parties.Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, etc. and implementing, or overseeing, required corrective actions.Conduct role-based cybersecurity training for assigned users.Create, collect and retain data to meet reporting requirements.Monitor and correlate data (e.g., logs, events, activity, etc.) from a variety of sources (e.g., Splunk, ELA, ePO, ESS, ACAS, etc.) to identify and mitigate threats, vulnerabilities and non-compliance.Investigate, analyze and respond to cyber events, incidents and non-compliance, to include trend analysis, assembling detailed written reports and briefing the appropriate parties.
#J-18808-Ljbffr
United States citizenMinimum SECRET Security Clearance Required, eligible for Top SecretPossess a valid certification that meets or exceeds DoD 8140 basic foundational requirements for the ISSM work role, to include Security+, GSEC, CAP, CASP+, CCISO, CCSP, CISM, CISSP, Cloud+, SSCP or GSLC.Prior experience as an ISSO, ISSM or related DoD Cyber Workforce Role.Experience/EducationMinimum ten (10) years of Cybersecurity experience in secure network and system analysis, procedure/test generation, test execution and implementation of computer/network security mechanisms.Knowledge of applicable laws, regulations, guidance and policies as they relate to DoD cybersecurity and SAPs (e.g., DoDI 8510.01, JSIG, DoDM 5205.07, NIST SP 800 series).Familiarity with modern DevSecOps software tools centered around open-source software.Possess strong written and verbal communications, interpersonal relations, organizational, troubleshooting, and analytical skills.Extensive operational knowledge of vulnerability management tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP) and Security Technical Implementation Guides (STIG).Extensive knowledge of CS methods, principles and governance to ensure the secure integration, operation and maintenance of all complex training system computing, networking and enclave environments.Working knowledge of CS instructions and practices (e.g., DoDI 8570.01-M series– Information Assurance Workforce Improvement Program; CJCSM 6510.01 series- Defense-In-Depth: Information Assurance (IA) and Computer Network Defense (CND); DoD 8570.01M; and DoDI 8500.1 Cybersecurity).Typical responsibilities of the ISSM include:Ensure all applicable cybersecurity policies, plans and procedures are followed at Corporate and ESP field sites.Ensure required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.Support the development and maintenance of cybersecurity related plans, procedures and guidance.Monitor and recognize non-compliance, suspicious and anomalous activity (i.e., threats), and effectively report such activity and associated risks to the appropriate parties.Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, etc. and implementing, or overseeing, required corrective actions.Conduct role-based cybersecurity training for assigned users.Create, collect and retain data to meet reporting requirements.Monitor and correlate data (e.g., logs, events, activity, etc.) from a variety of sources (e.g., Splunk, ELA, ePO, ESS, ACAS, etc.) to identify and mitigate threats, vulnerabilities and non-compliance.Investigate, analyze and respond to cyber events, incidents and non-compliance, to include trend analysis, assembling detailed written reports and briefing the appropriate parties.
#J-18808-Ljbffr