Information Security Manager

Clearance Level
Interim Secret
Category
Information Security
Location
Mobile, Alabama

REQ#: RQ46358

Travel Required: None

The Vulnerability Management Analyst (VMA) - Information System Security Manager (ISSM) will work closely with the Cybersecurity Compliance Team – to support multiple programs of USACE (United States Army Corps of Engineers) connected systems through the vulnerability management and Risk Management Framework (RMF) process. They will be responsible for maintaining configuration items and executing functions on the vulnerability management platform, which may include but not limited to ACAS & Source Code scans, STIG Validation in support of DISA, DoD, USACE guidelines and proactive vulnerability detection. They will be responsible for composing essential documentation (procedures, compliance and remediation reports, continuous monitoring, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization. The ideal candidate has a background in Systems Administration or Systems Engineering, has a strong systems security mindset, and is very detailed oriented with strong written and oral communication skills.

Knowledge, Skills and Abilities

  • Conducting and maintaining vulnerability scanning on application
  • Producing actionable; risk-based reports on security assessment results
  • Assisting with vulnerability remediation when necessary
  • Developing and maintaining security plans and security testing plans
  • Continue to maintain all documentation for RMF certification & Accreditation activities.
  • Document, Monitor and Maintain the change control board processes
  • Be responsible and accountable for all task and reporting deadlines
  • Continuously improve risk models; metrics; reports; processes; and activities
  • Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.
  • Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.
  • Weighs business needs against security concerns and articulates issues to management and/or customers.
  • Maintains current knowledge of relevant technology as assigned.
  • Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation
  • Participates in special projects as required.
  • Ability to manage vendor relationships and track externally dependent patching activities; driving the threat research life cycle
  • Ability to learn complex computing environments quickly; memorization skills desired
  • Broad understanding of all aspects of IT and enterprise systems interoperability (OSI Model; SDLC; ITIL; etc.)
  • Coordinate with other team (SOC; IR; RMD; Ops; Management; etc.) activities as necessary
  • Managing vulnerability mitigation and information security process in an enterprise environment
  • Proven ability to Lead customer-facing reporting and negotiation activities
  • Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
  • A Cyber Security Team team-player contributing to policy development, RMF package accreditation's, and EMSEC/TEMPEST requirements
  • Provide technical support to system and technology owners to propose mitigation and remediation solutions
  • Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
  • Document and report on processes and procedures

Required Qualifications:

  • Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
  • Must have one of the following DoD 8570 IAM III Level certifications: CISSP, CISM, GSLC
  • Must have one of the following Computing Environment (CE) certifications: RHSA, MCSA
  • Must obtain one of the following AWS Cloud certifications within 3 months of hire: Certified Solutions Architect Associate/Professional, Certified Developer Associate, Certified SysOps Admin, and Certified DevOps Engineer Professional
  • Sec+  CE, SSCP, GIAC Security Essentials, and other security related certifications a plus
  • 5+ years combined IT Systems and ISSM experience
  • Must have a Secret Clearance
  • The work is performed in an office and lab environment
  • Must be able to obtain a passport for OCONUS travel, if required
  • Lift over 35 LBs

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.