MOBIUS is hiring: Information Systems Security Manager in Trade

Mobius is an award winning, Small Business Administration (SBA) certified Historically Underutilized Business Zone (HUBZone) company and certified Woman-Owned Small Business (WOSB) providing engineering, analytical, and programmatic expertise to the Federal Government and commercial customers. Our mission is to provide innovative advanced technology solutions to customers facing issues of national and global significance. We strive to be admired for excellent people, fair and honest partnership, innovative problem solving, and exceptional performance. Come join us Mobius is look for an Information Systems Security Manager (ISSM). The ISSM's primary function serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview. As an ISSM you will join the Mobius Classified Cyber Security Team supporting Department of Defense (DoD) programs to ensure classified information systems meet cyber security requirements and government directives. Primary support will be working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, SAPF/SCIF efforts. The position will provide "day-to-day" support for Collateral Secret information systems under DCSA purview, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. Duties of an Information Systems Security Manager may include: Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures. Coordinate with cyber systems security engineers, system architects, and developers to provide oversight in the development of secure technical solutions. Develop and oversee operational information systems security implementation policy and guidelines of network security, based upon the Risk Management Framework (RMF) with special emphasis on selected security controls that are implemented and operating as intended throughout all phases of the information systems (IS) lifecycle. Interpret the Joint Special Access Program Implementation Guide (JSIG) in determining technical Information Assurance (IA) requirements, conduct cyber risk assessment activities including vulnerability analysis, analysis of mitigation solutions and ensure proper security implementation of the Risk Management Framework (RMF) in support of authorization process and maintain throughout the lifecycle of the information systems (IS). For collateral systems in accordance with Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM), draft and submit in Enterprise Mission Assurance Support Service (eMASS) ATO packages to include artifacts, POA&M etc., in support of authorization processes. Ensure system security controls remain compliant with National Institute of Standards and Technology (NIST), Security Technical Implementation Guides (STIGs), Special Publications (SP). Perform risk assessments and make recommendations to DoD agency customers. Advise customers on Risk Management Framework (RMF) assessment and authorization issues and advise government program managers on security testing methodologies and processes. Develop and maintain a formal Information Systems Security Program to include documentation for information system authorization, security management, and continuous monitoring of both networked and standalone information systems and applicable repository for tracking ATO's throughout lifecycle including modifications. Ensure that all information system security officers, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties. Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation (SSP, RAR, SCTM, CMP) all bodies of evidence for the information systems. Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media. Develop and execute security assessment plans that include verification that the features and assurances required for each protection level function to include evaluate threats and vulnerabilities to ascertain if additional safeguards are needed. Institute and implement a Configuration Control Board (CCB) charter. And assess changes in the system, its environment, and operational needs that could affect the authorization to operate (ATO). Develop policies and standard operating procedures, system security plans for responding to security incidents, to include investigating and reporting security violations and incidents for all levels of information systems. Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training. Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization) Review AIS assessment plans and conduct periodic assessments of the security posture of the authorization boundaries. Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented. Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs) Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination. Participate in self-inspections, assessments and Government compliance inspections and audits/reviews. Conduct the duties of the Information System Security Officer (ISSO) if one is not present and/or available. Qualifications: 5 years related experience. IAT Level II (Security CE, CCNA Security, etc.) DoD 8570.01-M IAM Level II (in lieu of IAT Level II) Prior performance in roles such as ISSO or SA. SAP experience Familiarity with various information system security assessment/hardening tools - SCAP Compliance Checker, STIG Viewer, ACAS, Nessus, SECSCN, DISA SRR, Retina, HBSS, etc. Demonstrated ability to act independently, prioritize tasks, and establish daily routine with short/long term goals. Strong written and verbal communication skills required. Demonstrated ability to work on multiple projects simultaneously with a commitment to completion of project on a timely basis. Strong problem-solving skills and detail-oriented approach to task prioritization, while able to simultaneously work across multiple projects. Strong written and verbal communication skills. Knowledge of Microsoft Office and VISIO preferred. Education Bachelor's degree or equivalent experience (4 years) Clearance Must possess an active DoD Top Secret security clearance, based upon a National Agency Check with Local Agency Check (NAC/LC) conducted within the last six years and access eligibility for Special Access Programs and Sensitive Compartmented Information. TS/SCI must be able to obtain TS/SCI. Eligibility for access to Special Access Program Information. Willingness to submit to a Counterintelligence polygraph. Subject to routine government security investigations and must meet eligibility requirements for access to classified information throughout their employment as required by the job. Mobius Benefits: Mobius offers a stable work environment, a competitive salary, and a comprehensive benefits package, which includes medical, dental and vision plans, 401k Plan, Flexible Work Schedules, Tuition Reimbursement, Paid Leave and much more. Mobius is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity Employer/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.