What are the responsibilities and job description for the Senior Information System Security Officer position at MANTECH?
MANTECH seeks a motivated, self-starter, career and customer-oriented Senior Information System Security Officer to join our team in Doral, FL.
Responsibilities Include But Are Not Limited To
Responsibilities Include But Are Not Limited To
- Lead and conduct comprehensive security assessments of DoD information systems, applications, and infrastructure, executing the Risk Management Framework (RMF) lifecycle in accordance with DoD and federal directives.
- Partner with the J6 Mission Assurance team to identify, map, and secure Mission Relevant Terrain in Cyberspace (MRT-C). Assess and prioritize the defensive posture of Key Terrain in Cyberspace (KT-C) to ensure operational resilience and command/control (C2) availability.
- Work directly, side-by-side with system, database, and network administrators to continuously collect, review, and validate RMF artifacts. Bridge the gap between engineering operations and security compliance.
- Evaluate the effectiveness of implemented security controls against NIST SP 800-53 and CNSSI baselines. Identify vulnerabilities, analyze mission-level risks, and provide actionable recommendations for mitigation and system hardening.
- Develop, update, and maintain critical RMF documentation, including System Security Plans (SSP), Security Assessment Reports (SAR), risk assessments, and Continuous Monitoring (ConMon) Plans to support Authorities to Operate (ATO).
- Prioritize vulnerabilities based on risk and impact to KT-C and the broader mission. Develop and implement remediation plans (POA&Ms); track and report on vulnerability remediation progress to senior leadership.
- Provide security guidance and "shift-left" recommendations to Architects and Engineers during the design phase to ensure systems are built secure-by-design and align with DoD zero-trust principles.
- BA/BS in a relevant field necessary to assume Senior Information System Security Officer duties, or 4 additional years of experience in lieu of a degree.
- 9 years of overall IT/Cyber experience with 5 years of relevant Senior Information System Security Engineer (ISSO) or RMF Security Control Assessor (SCA) experience.
- Strong, practical understanding of federal security frameworks, standards, and regulations, specifically NIST (e.g., SP 800-53, 800-37), CNSSI, and DoD 8510.01.
- Experience collaborating with technical teams (sysadmins/netadmins) to pull system artifacts, configurations, and logs for compliance verification.
- Experience conducting vulnerability assessments, analyzing ACAS/Tenable scans, and managing POA&Ms.
- Knowledge of security technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) tools.
- Must possess at least one DoD 8570.01-M IAM Level II certification (or higher), such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or CASP CE. (Note: CompTIA Security is IAT II / IAM I; holding an IAM II is required).
- Master’s degree in Computer Science, Computer Engineering, Information Systems, or a closely related field.
- Deep expertise in current authorization practices within the DoD (eSpace, eMASS, or Xacta) and transitioning systems from traditional static ATOs to Continuous Monitoring/cATO.
- Experience operating within a Mission Assurance framework, with practical knowledge of assessing Key Terrain in Cyberspace (KT-C) and identifying Single Points of Failure (SPOF).
- Experience with cloud security assessments (IL4/IL5 environments). Knowledge of scripting or programming languages for compliance automation.
- Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems certification. Red Hat Enterprise License (RHEL) Linux 7, Tenable, and one or more SIEM certifications.
- Relevant assessor/auditor certifications, such as CISA, CGRC (formerly CAP), or CRISC. Technical certifications like Certified Ethical Hacker (CEH) or AWS/Azure Security Specialties are a plus.
- Experience at a DoD Combatant Command (specifically USSOUTHCOM) or a component is highly desired.
- Must have an active Secret clearance.
- Must be able to remain in a stationary position 50%.
- Constantly operates a computer and other office productivity machinery.
- The person in this position frequently communicates with co-workers, management, and technical stakeholders (admins/engineers), which may involve delivering presentations and interpreting technical data. Must be able to exchange accurate, highly technical information in these situations.