Description
PE Systems, Inc. has a great opportunity for an Information Systems Security Manager (ISSM), JM - PR 1370, supporting the Nuclear Command, Control, and Communications (NC3) Program at the Hanscom AFB, MA location. The candidate will perform work that applies a broad theoretical and practical knowledge of engineering to the planning, design, and implementation of secure and resilient communications and information systems.

At PE Systems, Inc., we truly value our employees. We unite exceptional talent with rewarding careers. Our dedicated team enjoys generous PTO, holidays, competitive pay, and outstanding benefits! Voted Best Places to Work in Dayton since 2022!

General Function:
- Shall ensure that all system and application deliverables meet the requirements of all National, Federal, DoD, and Department of the Air Force Cybersecurity policies as identified in the following paragraphs or as required by law.
- Shall be able to perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
- At the initiation of the period of performance and throughout the period of performance of the contract the Contractor shall ensure personnel performing cybersecurity activities obtain and remain current with qualification requirements as directed by DoDI 8140.02, Identification, Tracking and Reporting of Cyberspace Workforce Requirement, and outlined in DoDM 8140.03- M Cyberspace Workforce Qualification and Management Program, and AFMAN 17-1303, Cybersecurity Workforce Improvement Program.
- Support of system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing National, DoD, and Department of the Air Force policies (i.e., Risk Management Framework (RMF)).
- Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data.
- Conduct risk and vulnerability assessments and inspections of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
- Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards.
- Participate in meetings/teleconferences, change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls.
- Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and if any, document in written reports the changes/revisions to the system's RMF artifacts.
- Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified.
- Review system test plans and test results and if necessary, observe system testing for security control implementation IAW cybersecurity policies, guidance, and plan. Document findings in a report.
- Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable.
- Continuously monitor intelligence and open-source information for vulnerabilities affecting systems, assess risk, and provide POA&M recommendations.
- Promote awareness of security issues among management and ensure sound security principles are reflected in organizations' visions and goals.
- Conduct systems security monitoring, evaluations, audits, and reviews.
- Recommend systems security contingency plans and disaster recovery procedures.
- Recommend and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
- Participate in network and systems (to include cryptographic) design to ensure implementation of appropriate systems security policies.
- Knowledge of cryptography and cryptographic key management concepts.
- Facilitate the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
- Assess security events to determine impact and implement corrective actions.
- Ensure the rigorous application of cybersecurity and cryptographic policies, principles, and practices throughout the system development lifecycle.
- Author, monitor, and record system information in applicable databases. Prepare and record system, security status, and portfolio management information into the Air Force Information Technology Investment Portfolio Suite (referred to as ITIPS) for Federal Information Security Management Act (FISMA); Security, Interoperability, Supportability, Sustainability, Usability (SISSU); Clinger Cohen Act; and other statutory compliance.
- Author, review, certify, and/or maintain security management plans and RMF package artifacts including but not limited to: RMF Implementation Plans, System Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability and Countermeasure Analyses, Vulnerability Management Plans, Common Control Packages, Security Concepts of Operations, Operational Security (OPSEC) Plans, Authority-to-Connect guest system packages, and other system/network security related documents.
- Support and assist external teams in the evaluation of systems Cybersecurity posture to include teams performing non-regular cyber tests, war-games, cyber penetration tests, and cyber studies conducted by the NSA, DISA, Air Force Audit Agency, or other organizations.
- Support the development, coordination, and implementation of cybersecurity-related special projects and taskers, e.g., Defensive Cyber Operations (DCO), Higher Headquarter requests, Notice to Airmen (NOTAMs), Technical Change Orders (TCOs), System Program Office (SPO), 16th AF, USSTRATCOM, USCYBERCOM, SAF/A6, SpOC/S6, AFGSC/A6, 460 Space Wing, and AFNWC/NC efforts.
- Meet the Basic or Intermediate qualification requirements for Information System Security Manager (722) or Vulnerability Assessment Analyst (541) as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03.
- Perform Information Systems Security Management (722) and Vulnerability Assessment Analyst (541) Core/Additional Tasks and meet the KSAs as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03.
Qualifications: Education/Certifications/Experience/Skills:
- BA/BS or Master of Arts/Master of Science (MA/MS) degree and 3-10 years of experience related to the position requirements.
- Must possess and maintain a government security clearance at the Top-Secret/SCI level.
- Must be proficient in the use of Microsoft programs (including Excel, Word, Outlook).
- Must be able to perform all functional duties independently.
- Must be able to transport self to various facility sites, as required. If using own motor vehicle, must possess a valid driver's license and proof of insurance.
Pay Rate: The annual base salary range for this position is estimated between $150 - 157K. Please note that the salary information is a general guideline only. PE Systems considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills as well as market and business considerations when extending an offer.

PE Systems, Inc. is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race/ethnicity, color, religion, sex, national origin, ancestry, age, sexual orientation, gender identity, genetic information, marital status and disability (including physical or mental disability as well as pregnancy), veteran status or any other status protected by Federal, State or local law.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.