Department Summary:The Information Systems Security Department in the Global Security Services Division is seeking to fill a seasoned Information Systems Security Manager position. The Information Systems Security Manager will provide IT and IA support for a system or enclave's information assurance program through security authorization activities in compliance with Risk Management Framework (RMF). Maintains operational security posture to ensure information systems (IS), security policies, sta... more details
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE—and make a difference with us.
Department Summary:
The Information Systems Security Department in the Global Security Services Division is seeking to fill a seasoned Information Systems Security Manager position. The Information Systems Security Manager will provide IT and IA support for a system or enclave's information assurance program through security authorization activities in compliance with Risk Management Framework (RMF). Maintains operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM).
Job Description:
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
- Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
- Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
- Perform cyber defense trend analysis and reporting.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
- Assess adequate access controls based on principles of least privilege and need-to-know.
- Work with stakeholders to resolve computer security incidents and vulnerability compliance.
- Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
- Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Basic Qualifications:
- In accordance with DoD 8570.01M, the selected individual must meet the requirements of an IAM Level III as a condition of employment.
- BS in Computer Science/Cybersecurity/Information Technology or equivalent field of study and 5 years related experience
- Possess and maintain an active Top Secret level security clearance
- Knowledge of Cloud service offerings (ie, PAAS, SAAS) and cybersecurity practices
- Knowledge of Cloud Computing Security Authorization processes, procedures, security requirements, and Cloud Service Providers (CSPs)
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
- Applicants selected for this position will be subject to a government security investigation and must meet eligibility requirements for access to classified information or applicants who are eligible for security clearances
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Ability to function effectively in a dynamic, fast-paced environment
- Strong interpersonal skills with effective verbal and written communication skills
- Clear and structured thought processes and coherent decision-making skills
Preferred Qualifications:
- MS in Computer Science/Cybersecurity/Information Technology or equivalent field of study and 8 years related experience
- SME in network performance engineering, advanced data transport, secure networking, embedded networking, NIST SP 800-53
- Amazon Web Services Certification and/or experience
- Microsoft Azure Cloud Certification and/or experience
- Proven success building relationships with partners and stakeholders
This requisition requires the candidate to have a minimum of the following clearance(s):
Top Secret
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):
Top Secret/SCI
Work Location Type:
Onsite
MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster and Pay Transparency.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org.
Copyright © 2024, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
Benefits information may be found here