Overview

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.

Equal Employment Opportunity

Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.

Responsibilities

Responsibilities

The Information Systems Security Manger (ISSM) will lead the Information Assurance (IA) program for multiple Department of Defense (DoD) and Special Program efforts. The ISSM will work under the direction of the Cybersecurity Compliance Team Lead. The successful candidate must be knowledgeable of information technology and security principles. This is a multi-tasking environment that demands customer service, communication, and organizational skills. Due to the nature of this work, this job requires on-site presence in St Petersburg, FL. Flexible hours and/or schedules will be determine between the employee and hiring manger. Some travel may be required.

Essential Functions:

• Oversee the development, implementation and evaluation of the information systems security program for St. Petersburg office location, in compliance with current Risk Management Framework (RMF) requirements.
• Interacts directly with US Government Security Control Assessors (SCAs) during on-site assessments.
• Research and recommend integrated security solutions for multiple classified IS with various operating systems.
• Assist with design & development of integrated security solutions.
• Prepare and maintain security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM).
• Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
• Perform tasks related to compliance of Continuous Monitoring (ConMon) plans to include the use of Security Information and Event Management (SIEM) tools.
• Prepares detailed reports on system vulnerabilities and take immediate corrective actions and/or develops a Plan of Action and Milestones (POA&M)
• Apply and develop cyber security standards, directives, guidance and policies to stand-alone, LAN and WAN environments.
• Lead investigation of security incidents to include data spills, data integrity incidents, and malicious code incidents.
• Ensure system security measures comply with applicable government policies (DAAPM, NIST 800-53, JSIG).
• Provide configuration management and lead the local Change Control Board (CCB) to accurately assess the impact of modifications and vulnerabilities for each system.
• Liaise with other cybersecurity personnel for maintaining compliance with operating requirements.
• Responsible for the day-to-day management of an ISSO in support of the organization’s RMF compliance efforts.

• Brief management, as needed, on the status of action items and/or results of activities.
• In collaboration with the Security Manager/FSO, performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities.
• Provide mentorship to other Regional Draper office locations, as needed.

Qualifications

Required Qualifications:

• ACTIVE DoD SECRET Clearance. (A clearance that has been active in the past 24 months is considered active) A TOP SECRET, TS/SCI, TS/SCI w/ Poly is highly preferred.
• Bachelor’s degree in Information Assurance, Cybersecurity or similar relevant field; or equivalent experience
• 6 years of experience as an ISSO or ISSM
• DoD Directive 8570.1 IAM Level III or higher certification (CISSP preferred) or able to complete within 6 months of hire.

Preferred Qualifications: 

• Experience with eMASS
• Experience configuring and reviewing security functions of information systems including Windows 10, Windows 10/Server 2016, Linux, RHEL 7, Cisco Networking gear.
• Familiarity conducting vulnerability scans (NESSUS or ACAS experience desired).
• Experience conducting security analyses to include security configurations and risk assessments.
• Experience working with various government offices to include the Defense Counterintelligence and Security Agency (DCSA).
• Professional associations and community engagement such as NCSM ISSMC and/or CAISSWG a plus.

Due to the nature of this work, this job requires on-site presence in St Petersburg, FL. Flexible hours and/or schedules will be determined between the employee and hiring manger. 

** Draper has implemented a mandatory COVID-19 vaccination requirement for all Draper employees. This will be a condition of employment to work at Draper.