Description: 

Shift5 is seeking an experienced Information Systems Security Manager to bolster the security of our business and operational infrastructure. In this role, you will develop, plan and implement information security standards, procedures and guidelines for systems and applications that align with compliance requirements, program and business objectives. You’ll develop a system security plan that enables and supports a program and business objectives, while at the same time, adhering to mission-critical national security requirements regarding the protection of data, systems and capabilities. 

As Shift5’s ISSM, you’ll be expected to communicate and interact with all system stakeholders to include Senior Management and our customers. You’ll ensure all stakeholders follow information security policies, standards, and methodologies to obtain and/or maintain security authorizations for information systems. You’ll ensure compliance is met, while enabling approaches and systems that allow us to advance our mission. In addition, you’ll collaborate with the Facility Security Officer and Head of IT, while maintaining the appropriate operational Information Assurance posture for all systems, programs, or enclaves.

Shift5 is a rapidly growing cybersecurity scale-up. We specialize in cybersecurity technology for operational systems, data collection, and insights for a wide variety of operational systems. To put it simply, we defend planes, trains and tanks from cyberattack. We are a collaborative, passionate and driven cadre of cyber security experts. Our engineers are multidisciplinary and our team is dynamic. We’re a growing company focused on helping our customer’s fleets run smarter and safer by capitalizing on mountains of data resting right about the wheels. Come join us.

In this role you will be expected to:

• Ensure adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs, associated NIST publications, and CNSS Instruction 1253.
• Provide support to customer organizations and maintain the appropriate operational IA posture for systems, programs, or enclaves.
• Assist in the development and execution of an enterprise level continuous monitoring program to minimize security risks and ensure compliance with that program on a routine basis.
• Development and update the system security plan, as well as manage and control changes to the system and assess the security impact of those changes.
• Help plan, coordinate, and implement IT security programs and policies.
• Provide configuration management guidance for security-relevant information system software, hardware, and firmware.
• Interpret the Joint Special Access Program Implementation Guide (JSIG) in determining technical IA requirements and conducting cyber risk assessment activities
• Develop system documentation for information system authorization, security management, and continuous monitoring of both networked and standalone information systems.
• Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle.
• Provide “eyes on glass” security monitoring in accordance with DoD requirements by monitoring security infrastructure and security alarm devices for Indicators of Compromise (IOC) utilizing SIEM and cybersecurity toolsets.
• Perform hardware/software configuration management, data integrity containments and investigations on IA related security events.
• Participate in implementation of current and future security domains including those which may introduce new service areas (e.g. Cloud Computing, DevSecOps).

We're looking for someone who is/has:

• ISSM or relevant cybersecurity experience.
• Run and maintain the entire information assurance program.
• Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Maintaining classified networks in accordance with various government requirements and standards. 
• Experience auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals).
• Experience with development and delivery of IA-related briefings and training material.
• Experience with compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
• Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
• Experience translating operational requirements into technical requirements and architectures needed to meet program objectives.
• Experience conducting all aspects of a self-inspection and support to routine DCSA audits. 
• Active Top Secret security clearance or ability to obtain one.

Compensation & Benefits:

• Competitive salary and stock options in a fast-growing startup
• Employer-paid medical, dental and vision coverage
• Health Savings Account with annual employer contributions
• 401k with employer contributions
• Life Insurance
• Uncapped paid time off policy
• Flexible work & remote work policy
• Tax-deferred public transit benefits with Metro SmartBenefits (DC/MD/VA)

We are committed to building an inclusive culture of belonging that embraces the diversity of our people and represents the communities in which we work and the customers we serve. We know the happiest and highest performing teams include people with diverse perspectives and ways of solving problems. We strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work. 

Shift5 is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identify, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.