Smxtech

Information System Security Manager (SIGINT) (5268) (TS/SCI CI Poly) (Ft. Belvoir, VA)

Fort Belvoir, VA Full Time

SMX is seeking an Information System Security Manager (ISSM – SIGINT) who will be tasked with managing and maintaining the security posture of SIGINT systems in accordance with the standards established by the National Security Agency (NSA), Department of Defense (DoD), and Intelligence Community (IC). This role involves continuous monitoring, management of security controls, validation of risk management documentation, and ensuring the prompt resolution of Plan of Action & Milestones (POA&M) items. The ISSM–SIGINT collaborates closely with stakeholders to ensure system compliance, supports incident reporting and response efforts, and offers guidance to other ISSOs on policies and procedures. This senior position demands technical expertise, leadership skills, and a comprehensive understanding of NSA security frameworks, processes, and tools.

This is a full-time onsite position in Ft. Belvoir, VA.

Essential Duties & Responsibilities

Continuous Monitoring and System Management

  • Implement ongoing monitoring activities to ensure adherence to NSA standards and timelines (120-100 days of ATD).
  • Validate and refresh self-test security controls, diagrams, hardware and software inventories, and security scans in CyborgBunny.
  • Ensure that RMF documents (e.g., Incident Response, Contingency, Configuration, and Disaster Recovery Plans) are updated every 12 to 18 months.
  • Monitor and review User Activity Monitoring (UAM) activities through SEAR, ensuring that System Security Plans (SSPs) and CONOPS are updated annually.
  • Address discrepancies in the IGGY system and prepare readiness reports for review by the DAO. 

POA&M and Vulnerability Management

  • Track, update, and resolve POA&Ms to ensure compliance with NSA and IC policies.
  • Manage extension requests for expiring POA&Ms and systems requiring DAO decisions.
  • Collaborate with ISSOs to confirm that expired POA&Ms are either resolved or extended, with DAO approval. 

Incident Response and Alert Management

  • Respond to Computer Security Incident Reports (CSIRs) through FREEZFRAME or email within three business days and follow up weekly while escalating any unresolved cases.
  • Review alerts in LATTEART and collaborate with ISSOs to address system health scores in accordance with NSA requirements. 

System Approvals and Decommissioning

  • Review and approve IAVA POA&M items, Staffing Processing Forms (SPFs), CIVET tickets, and DTA ticket requests for systems lacking an O-ISSM.
  • Manage decommission requests in XACTA and ensure that extensions are thoroughly documented. 

Policy Guidance and Collaboration

  • Offer guidance to ISSOs regarding policy, procedures, and updates to NSA standards.
  • Assist system owners and ISSOs in maintaining compliance with mandatory training, iAgree forms, and other security requirements. 

Stakeholder Communication and Reporting

  • Maintain communication with System Owners, ISSOs, and DAOs to ensure system readiness and compliance.
  • Participate in meetings, fulfill ad hoc tasks, and provide written status reports as needed.
  • Review the DARKROAST, ROCBLASTER, XACTA, NESBER and other related systems for inquiries related to newly registered systems or assets. 

Automation and Process Optimization

  • Identify and evaluate solutions for automating cybersecurity analysis tasks to enhance efficiency and accuracy.

Required Skills, Experience & Education

  • Active TS security clearance and eligible for SCI and NATO read-on prior to starting work. Complete an active CI polygraph before commencing work.
  • PhD in Science, Technology, Engineering, or Mathematics (STEM) with over 15 years of experience in cybersecurity; a Master’s degree in STEM with over 18 years of cybersecurity experience; or a Bachelor’s degree in STEM with at least 20 years of experience in cybersecurity.
  • Capacity to obtain and maintain all required NSA access.
  • CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
  • Fifteen years of experience in assessment and accreditation activities for national security systems (NSS).
  • Ten years of experience in validating system security controls.
  • Ten years of experience managing vulnerabilities.
  • Eight years of experience implementing RMF.
  • Five years of experience in POA&M tracking and resolution.
  • Three years of experience in continuous monitoring of system security controls.

Key Competencies:

  • Technical Expertise: Proficient in NSA-specific tools and processes such as CyborgBunny, Biscotti, SEAR, and XACTA.
  • Risk Management: Demonstrated ability to track and resolve POA&M items and assess risks associated with national security systems.
  • Communication and Reporting: Excellent written and verbal communication skills for stakeholder engagement, incident reporting, and system readiness updates.
  • Leadership and Guidance: Strong ability to mentor and support ISSOs in implementing cybersecurity policies and procedures.
  • Problem-Solving: Expertise in resolving system discrepancies and escalating unresolved incidents efficiently.
  • Collaboration: Works effectively with system owners, ISSOs, DAOs, and other stakeholders to maintain system compliance and readiness.
  • Attention to Detail: Meticulous in tracking, documenting, and reporting security activities to ensure compliance with NSA and IC standards.
  • Adaptability: Capable of staying current with evolving NSA standards, tools, and cybersecurity threats.

Desired Skills/Experience/Certifications

  • 5 years of experience performing RMF functions under NSA guidance.
  • 5 years of ISSM or ISSO experience using XACTA.
  • Experience with NSA-specific tools such as Biscotti, SEAR, IGGY, and LATTEART.
  • Certified Authorization Professional (CAP)
  • Certified Information Security Manager (CISM)

 

Application Deadline: July 13, 2026


The SMX salary determination process takes into account a number of factors, including but not limited to, geographic location, Federal Government contract labor categories, relevant prior work experience, specific skills, education and certifications. At SMX, one of our Core Values is to Invest in Our People so we offer a competitive mix of compensation, learning & development opportunities, and benefits. Some key components of our robust benefits include health insurance, paid leave, and retirement.

The proposed salary for this position is:
$165,000 - $195,000 USD

 

At SMX®, we are a team of technical and domain experts dedicated to enabling your mission. From priority national security initiatives for the DoD to highly assured and compliant solutions for healthcare, we understand that digital transformation is key to your future success.

We share your vision for the future and strive to accelerate your impact on the world. We bring both cutting edge technology and an expansive view of what’s possible to every engagement. Our delivery model and unique approaches harness our deep technical and domain knowledge, providing forward-looking insights and practical solutions to power secure mission acceleration.

SMX is an Equal Opportunity employer including disabilities and veterans.

Selected applicant may be subject to a background investigation and/or education verification.

SMX does not sponsor a new applicant for employment authorization or immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, E-2, E-3, L-1 and O-1, or any EADs or other forms of work authorization that require immigration support from an employer).