Information System Security Manager (ISSM)

Qualis LLC is seeking an Information System Security Manager professional to provide expert guidance and support in all aspects of cybersecurity. This position is located at Eglin AFB, FL.

Certification Requirements: All DoD information security personnel, including military, civilian, and contractors, must be certified at the appropriate level per DoD Directive 8140.01. Specific certification requirements are detailed in DoD Directive 8570.01-M, Information Assurance Workforce Improvement Program (Incorporating Change 4, November 10, 2015) or its successor document. Information Assurance Technical (IAT) Level III and Information Assurance Management (IAM) Level II certifications are mandatory. Security+ and Certified Authorization Systems Professional (CASP) certifications are a requirement.

Primary duties will include:

1.      Assist in creating and maintaining Authority to Operate (ATO) for systems developed by RNRE & RNRD by collaborating with Engineers and Program Managers (PMs). Specific responsibilities include:

a.      Assist PMs in completing the Information Technology Categorization and Selection Checklist (ITCSC) to be submitted alongside a Critical Security Control Checklist (CSCC) to A6 for determination.

b.      Develop System Security Plans (SSPs) by validating each control as Compliant or Non-compliant. For non-compliant controls, create corresponding Plan of Action and Milestones (POAMs). Ensure consistency between the controls in the SSP and eMass, the online ATO tracking software.

c.       Generate and maintain a comprehensive Hardware and Software list for each ATO system.

d.      Manage Change Management processes, ensuring that any changes to an ATO system are properly documented in the CSCC, SSP, and eMass.

e.      Implement Risk Management Framework (RMF) and the DOD Joint Special Access Program Implementation Guide (JSIG) to assigned systems.

f.       Conduct annual maintenance of the Critical Security Control Checklist (CSCC).

g.      Possess and apply knowledge of Cybersecurity best practices and implementation strategies. 

h.      Ability to troubleshoot and diagnose system problems required. System Administration experience highly desirable.

2. Information Management Measures:

   - Design, develop, and implement measures to ensure the confidentiality, integrity, and availability of systems, networks, and data within the RIG.

3. Information Systems Security Programs:

   - Plan, analyze, design, develop, implement, maintain, and enhance comprehensive information systems security programs, policies, procedures, and tools specific to the RIG and Eglin Range support sites.

4. Customer Requirements Analysis:

   - Analyze customer Test, Training, and Evaluation (TT&E) requirements and provide expert advice to management on Information Management (IM) security standards and procedures.

5. Enterprise IT Data Management:

   - Register and maintain Enterprise Information Technology Data for the RIG and associated support sites.

6.  Risk Management Framework (RMF) Support:

   - Provide comprehensive support for the Risk Management Framework (RMF) process, ensuring compliance with all relevant guidelines and standards.

Requirements

Technical Skills: - Proficiency in relevant programming languages, frameworks, and tools - Understanding of cloud platforms like AWS, Azure, or Google Cloud - Knowledge of networking, security, and database technologies - Familiarity with DevOps practices, and automation - Hands-on experience with cloud technologies and implementations - Proven track record of successfully delivering cloud projects - Familiarity with agile methodologies and working in cross-functional teams. Continuous Monitoring for JSIG requirements, which includes, but not limited to, maintenance logs, account management, malicious code, vulnerability scans, and weekly security audits, on Special Access Program (SAP)systems assigned to the 96 RANSS. Experience with VMware software. Implement cybersecurity safeguards while maintaining operational capabilities. This includes assessing and updating applicable Security Technical Implementation Guides (STIG), using the Security Content Automation Protocol (SCAP) to scan systems, patching information systems and familiarity with the Assured Compliance Assessment Solution (ACAS) or the Nessus Essentials Vulnerability Scanner (free version) application used to identify system vulnerabilities.

 Soft Skills: - Strong communication and collaboration abilities - Project management experience - Understanding of business processes and requirements - Ability to translate technical concepts for non-technical stakeholders. - Problem-solving and critical thinking capabilities - Adaptability - Attention to detail and ability to work in a fast-paced environment – Teamwork.

Educational Background: - Relevant degree in Computer Science, Information Technology, or a related field - Industry certifications like AWS Certified Solutions Architect, Microsoft Azure Fundamentals, or CompTIA Cloud+ - Continuous learning and staying up to date with the latest trends and best practices. Experience with the JSIG Continuous Monitoring requirements, which includes, but not limited to, maintenance logs, account management, malicious code, vulnerability scans, and weekly security audits, on Special Access Program (SAP) systems assigned to the 96 RANSS.

Security Clearance - Secret clearance with the ability to get Top Secret. US Citizenship required. Must be willing to travel up to 10%.

Benefits

Qualis Corporation is committed to hiring and retaining a diverse and talented workforce who can contribute to the mission and vision of the Company. Our employees are our greatest asset and we promote a positive work environment, teamwork, professional growth, innovation, community involvement, flexible scheduling and a family-friendly work environment.