NC3 Information Systems Security Manager (ISSM), Journeyman

Job Description:
The employee shall perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Ensure system and application deliverables meet the requirements of all National, Federal, DoD, and Department of the Air Force Cybersecurity policies or as required by law.

Functions required to be performed in this specialty may include:

• Support of system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing National, DoD, and Department of the Air Force policies (i.e., Risk Management Framework (RMF)).
• Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data.
• Conduct risk and vulnerability assessments and inspections of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Evaluate threats and vulnerabilities to information systems to ascertain the need for

additional safeguards.

• Participate in meetings/teleconferences, change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls.
• Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and if any, document in written reports the changes/revisions to the system’s RMF artifacts.
• Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified.
• Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable.
• Continuously monitor intelligence and open-source information for vulnerabilities affecting systems, assess risk, and provide POA&M recommendations.
• Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals.
• Conduct systems security monitoring, evaluations, audits, and reviews.
• Recommend systems security contingency plans and disaster recovery procedures.
• Recommend and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Participate in network and systems (to include cryptographic) design to ensure implementation of appropriate systems security policies.
• Knowledge of cryptography and cryptographic key management concepts.
• Facilitate the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
• Assess security events to determine impact and implementing corrective actions.
• Ensure the rigorous application of cybersecurity and cryptographic policies, principles, and practices throughout the system development lifecycle.
• Author, monitor, and record system information in applicable databases. Prepare and record system, security status, and portfolio management information into the Air Force Information Technology Investment Portfolio Suite (referred to as ITIPS) for Federal Information Security Management Act (FISMA); Security, Interoperability, Supportability, Sustainability, Usability (SISSU); Clinger Cohen Act; and other statutory compliance.
• Author, review, certify, and/or maintain security management plans and RMF package artifacts including but not limited to: RMF Implementation Plans, System Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability and Countermeasure Analyses, Vulnerability Management Plans, Common Control Packages, Security Concepts of Operations, Operational Security (OPSEC) Plans, Authority-to-Connect guest system packages, and other system/network security related documents.
• Support and assist external teams in the evaluation of systems Cybersecurity posture to include teams performing non-regular cyber tests, war-games, cyber penetration tests, and cyber studies conducted by the NSA, DISA, Air Force Audit Agency, or other organizations.
• Support the development, coordination, and implementation of cybersecurity-related special projects and taskers, e.g., Defensive Cyber Operations (DCO), Higher Headquarter requests, Notice to Airmen (NOTAMs), Technical Change Orders (TCOs), System Program Office (SPO), 16th AF, USSTRATCOM, USCYBERCOM, SAF/A6, SpOC/S6, AFGSC/A6, 460 Space Wing, and AFNWC/NC efforts.
• Meet the Basic or Intermediate qualification requirements for Information System Security Manager (722) or Vulnerability Assessment Analyst (541) as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03.
• Perform Information Systems Security Management (722) and Vulnerability Assessment Analyst (541) Core/Additional Tasks and meet the KSAs as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03.

Minimum Education/Experience Requirements

A Journeyman labor category has 3-10 years of experience and a BA/BS or Master of Arts/ Master of Science (MA/MS) degree. A Journeyman labor category typically performs all functional duties independently.

Extensive knowledge of basic concepts and processes and experience applying them with only periodic high-level guidance. Perform successfully in non-routine and sometimes complicated situations.

The employee shall be and remain current with qualification requirements as directed by DoDI 8140.02, Identification, Tracking and Reporting of Cyberspace Workforce Requirement, and outlined in DoDM 8140.03-M Cyberspace Workforce Qualification and Management Program, and AFMAN 17-1303, Cybersecurity Workforce Improvement Program.

Travel: Yes

Security Clearance Required: TOP SECRET

Position Type: Full Time

Work Location: Hanscom AFB, MA

Salary Range: $125,000 – 150,000

Top salaries paid for qualified candidates.

Agency submissions are not being accepted at this time.

For more information on Sumaria Systems, please visit our website at www.sumaria.com.

Sumaria is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status.

Sumaria is a Full Lifecycle Engineering, Technical Services and Professional Solutions company in support of the Warfighter, supporting modernization, high end services and next generation capabilities in contested domains. Sumaria has been a trusted partner to U. S. Department of Defense for more than 40 years, providing Lifecycle Systems Engineering, Advisory & Analysis/SETA, C5ISR and Enterprise Information Technology solutions. With expertise to lead, insight to deliver and commitment to succeed; we staff each mission with a carefully selected team of seasoned professionals. We’re Headquartered in Peabody, MA, and have regional offices across the nation.

Sumaria Systems only provides engineering services to the federal government and does not provide professional engineering or surveying services to the public within the meaning of Ohio Revised Code Section 4733.16.