Senior Info Sec Engineer

ManTech was founded in 1968 to provide advanced technological services to the United States government. We began with a single contract with the U.S. Navy to develop war-gaming models for the submarine community. Over the years, our government's technology needs have increased dramatically in scope and sophistication, and we have grown to meet that challenge.

Defines, plans, designs, and evaluates information security systems. Assesses architecture and current hardware limitations, defines and designs system specifications, and input/output processes and working parameters for hardware/software compatibility. Provides expert level consultation and technical services on all aspects of Information Security. Manages large-scale programs of national or international scope. Maintains senior affiliations with national and international organizations associated with information security.

The Infosec Engineer (ISE) is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such works in close collaboration with the Program Managers and Project team members. The ISE shall have the detailed knowledge and expertise required to manage the security aspects of an information system and is assigned responsibility for the day-to-day security operations of an information system. In close coordination with the customer, the ISE plays an active role in monitoring a system and its environment of operation, to include developing and uupdating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes. ISE will lead and manage the ICD 503 certification process and develop content required within the project's Body of Evidence (BoE). ISE will interface directly with customer's ISSM team to ensure all BoE artifacts are completed and delivered on time to eliminate cloud migration schedule impacts. In addition to the Project Management Plans, the candidate performs security compliance tasks required to establish and maintain appropriate levels of documentation required to support overall systems security compliance, certification and accreditation, operations and maintenance, system access controls, systems monitoring, systems design documentation and Plan of Action and Milestones (POAM). Ensure all program activities maintain system baselines and configuration management items, including security event monitoring policies in a manner determined and agreed to by the COR, the systems sponsor's management. In addition, the candidate must ensure that all system changes and modifications are performed in accordance with the systems sponsor's approval process.

* Requires Bachelors degree or equivalent and ten to twelve years related experience or Masters degree with seven to nine years of experience field mathematics, telecommunications, electrical engineering, computer engineering, computer science. **Additional Qualifications** * Thorough understanding andworking knowledge with Intelligence Community Directive (ICD) 503 in six distinct areas: Risk Management, Authorization, Assessment, Reciprocity, Interconnection, Governance and Dispute Resolution. * Applicable experience assessing, monitoring, satisfying compliance levels and associated Body of Evidence (BoE) artifact documentation related to ICD 503 * Extensive familiarity with the following guidelines and standard: NIST Special Publication (SP) 800-37 Guide for Applying the Risk Management Framework for Federal Information Systems, Intelligence Community Standard 503-2 (ICS 503-2) (Categorizing and Selecting Information Technology Systems Security Controls), Committee on National Security Systems Instruction 1253 (CNSSI1253) as the IC standard for security categorization of National Security Systems (NSS) and NIST SP 800-37 Guide for Applying the Risk Management Framework for Federal Information Systems * Demonstrated on-the-job experience with risk management framework and Business Continuity Planning (BCP) * Demonstrated on-the-job experience developing, designing and presenting network diagrams, flow charts, project schedules; and providing status reports that identify technical constraints, dependencies, details, plans and progress * Demonstrated on-the-job experience developing, designing and presenting network diagrams, flow charts, project schedules and providing status reports that identify technical constraints, dependencies, details, plans and progress * Demonstrated on-the-job experience writing technical documents addressing complex, sensitive issues with emphasis on information assurance requirements, preparing responses to inspection findings and developent of a Plan of Action and Milestones (POAM) * Working Knowledge of sponsor's security guidelines and policies related to systems hardening and patch compliance * Experience with ICD 503 A&A of projects hosted on C25 environment * Experience with C2S security services and respective cloud hosting security architecture