Lead Cybersecurity Manager

Requisition #: 1468

Job Title: Lead Cybersecurity Manager

Job Title for Careers Page: Lead Cybersecurity Manager

Location: Orlando/Hybrid

Clearance Level: Secret

Required Certification(s): (CAP, CompTIA Advanced Security Practitioner (CASP), GIAC Security Leadership (GSLC) (GLSC), Certified Information Systems Security Manager (CISSM), or Certified Information Systems Security Professional (CISSP)

JOB DUTIES AND RESPONSIBILITIES

Provide the cybersecurity support necessary to deliver systems that comply with Federal, DoD, and Army cybersecurity policies and standards. Develop and deliver cyber artifacts to support the RMF process for each modernization project. Provide the Government with all assessment artifacts necessary for technical and security review. Prior to production deployment, any recommended technology must receive formal approval from the Government and be authorized for incorporation into ATEC network boundaries. These include: network boundary diagram, hardware list, software list, completed Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs), list of cyber artifacts, encryption methods, system enterprise and information security architecture diagram, and information flow diagram. Ensure network components (including wireless and fiber technologies) are securely integrated into the existing Army environment. Ensure proper encryption, implement access controls and document cybersecurity controls for compliance and audit purposes.

Provide necessary artifacts to meet RMF requirements for the deployed systems under this TO. To accompany the capabilities deliverable, all artifacts which support obtaining an Army RMF Authorization to Operate (ATO) related to the network components must be provided to each site in accordance with the U.S. ARCYBER and U.S. Army NETCOM standards. These artifacts include: network boundary diagram, hardware list, software list, system enterprise and information security architecture diagram, information flow diagram, and created Plans of Actions and Milestones (POAMs) that capture rationale and mitigations for vulnerabilities or configurations that cannot be applied.

Perform patch management and security update operations support to maintain operating environment compliance until turnover of site is complete. Verify that unpatched vulnerabilities are documented and approved by the Authorizing Official via a POAM.

Responsible for patch and security update support, including:

a. Authoring and maintaining SOPs, policies, and appropriate patch/security documentation, including policies detailing patch and security update processes and procedures.

b. Providing oversight and periodic review of the patch management process.

c. Deploying and managing all patch/security update operations.

d. Performing patch and security update deployment testing.

e. Providing patch and security update status reports.

f. Complying with DoD rules and regulations governing patch and security update operations.

g. Ensuring end-point security tools operate in compliance with all devices and monitor, alert, troubleshoot non-compliance incidents.

h. Developing, updating, and maintaining existing and future baseline documentation of each system and application, including designs, build procedures, requirements documents, test procedures, problem reports, software code, and system knowledge base. Final documentation must be approved by the Government.

Safeguard all Government data according to Cybersecurity Maturity Model Certification (CMMC) standards and all applicable regulations regarding this subject. Follow the processes and procedures required for achieving CMMC Level 3 certifications and utilize authorized CMMC Level 2 Self Assessments to assess existing DoD cybersecurity requirements. Assessment results shall be uploaded to CMMC Enterprise Mission Assurance Support Service (eMASS) within ten business days. The Contractor shall safeguard and encrypt all DoD emails in order to conduct regular correspondence and send products that are related to projects and Government day-to-day operations over acceptable DoD means of communication.

QUALIFICATIONS

Required Certifications

(CAP, CompTIA Advanced Security Practitioner (CASP), GIAC Security Leadership (GSLC) (GLSC), Certified Information Systems Security Manager (CISSM), or Certified Information Systems Security Professional (CISSP) Possess an industry certification and demonstrated success executing deploying the technical solution in an environment similar in size and scope to the requirement.

Education, Background, and Years of Experience Minimum of five years’ experience (within the last seven years) in the field of DoD Information Systems Security and/or Cybersecurity Minimum of five years’ experience (within the last seven years) creating RMF packages and entering the data into eMASS to obtain an ATO/Authority to Connect, including all the ancillary artifacts. Minimum of one year experience working U.S. Army RMF processes.

ADDITIONAL SKILLS & QUALIFICATIONS

Required Skills

Experience as an ISSM, Information Systems Security Engineer (ISSE), and/or Information Systems Security Officer (ISSO). Experience in coordinating and conducting validation of security control implementation. Five years’ experience maintaining and managing client interface at the senior levels of the client organization. Possess an industry certification and demonstrated success executing deploying the technical solution in an environment similar in size and scope of network and test site modernization.

WORKING CONDITIONS

Environmental Conditions

Typical office setting

Strength Demands

Typical office setting

Physical Requirements

Typical office setting