What are the responsibilities and job description for the Senior Information System Security Officer position at hackajob?
hackajob is collaborating with MANTECH to connect them with exceptional professionals for this role.
MANTECH seeks a motivated, self-starter, career and customer-oriented Senior Information System Security Officer to join our team in Doral, FL.
Responsibilities Include But Are Not Limited To
MANTECH seeks a motivated, self-starter, career and customer-oriented Senior Information System Security Officer to join our team in Doral, FL.
Responsibilities Include But Are Not Limited To
- Lead and conduct comprehensive security assessments of DoD information systems, applications, and infrastructure, executing the Risk Management Framework (RMF) lifecycle in accordance with DoD and federal directives.
- Partner with the J6 Mission Assurance team to identify, map, and secure Mission Relevant Terrain in Cyberspace (MRT-C). Assess and prioritize the defensive posture of Key Terrain in Cyberspace (KT-C) to ensure operational resilience and command/control (C2) availability.
- Work directly, side-by-side with system, database, and network administrators to continuously collect, review, and validate RMF artifacts. Bridge the gap between engineering operations and security compliance.
- Evaluate the effectiveness of implemented security controls against NIST SP 800-53 and CNSSI baselines. Identify vulnerabilities, analyze mission-level risks, and provide actionable recommendations for mitigation and system hardening.
- Develop, update, and maintain critical RMF documentation, including System Security Plans (SSP), Security Assessment Reports (SAR), risk assessments, and Continuous Monitoring (ConMon) Plans to support Authorities to Operate (ATO).
- Prioritize vulnerabilities based on risk and impact to KT-C and the broader mission. Develop and implement remediation plans (POA&Ms); track and report on vulnerability remediation progress to senior leadership.
- Provide security guidance and "shift-left" recommendations to Architects and Engineers during the design phase to ensure systems are built secure-by-design and align with DoD zero-trust principles.
- BA/BS in a relevant field necessary to assume Senior Information System Security Officer duties, or 4 additional years of experience in lieu of a degree.
- 9 years of overall IT/Cyber experience with 5 years of relevant Senior Information System Security Engineer (ISSO) or RMF Security Control Assessor (SCA) experience.
- Strong, practical understanding of federal security frameworks, standards, and regulations, specifically NIST (e.g., SP 800-53, 800-37), CNSSI, and DoD 8510.01.
- Experience collaborating with technical teams (sysadmins/netadmins) to pull system artifacts, configurations, and logs for compliance verification.
- Experience conducting vulnerability assessments, analyzing ACAS/Tenable scans, and managing POA&Ms.
- Knowledge of security technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) tools.
- Must possess at least one DoD 8570.01-M IAM Level II certification (or higher), such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or CASP CE. (Note: CompTIA Security is IAT II / IAM I; holding an IAM II is required).
- Master’s degree in Computer Science, Computer Engineering, Information Systems, or a closely related field.
- Deep expertise in current authorization practices within the DoD (eSpace, eMASS, or Xacta) and transitioning systems from traditional static ATOs to Continuous Monitoring/cATO.
- Experience operating within a Mission Assurance framework, with practical knowledge of assessing Key Terrain in Cyberspace (KT-C) and identifying Single Points of Failure (SPOF).
- Experience with cloud security assessments (IL4/IL5 environments). Knowledge of scripting or programming languages for compliance automation.
- Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems certification. Red Hat Enterprise License (RHEL) Linux 7, Tenable, and one or more SIEM certifications.
- Relevant assessor/auditor certifications, such as CISA, CGRC (formerly CAP), or CRISC. Technical certifications like Certified Ethical Hacker (CEH) or AWS/Azure Security Specialties are a plus.
- Experience at a DoD Combatant Command (specifically USSOUTHCOM) or a component is highly desired.
- Must have an active Secret clearance.
- Must be able to remain in a stationary position 50%.
- Constantly operates a computer and other office productivity machinery.
- The person in this position frequently communicates with co-workers, management, and technical stakeholders (admins/engineers), which may involve delivering presentations and interpreting technical data. Must be able to exchange accurate, highly technical information in these situations.
Salary : $130,000