Technical PM / Information Systems Security Manager

Role Summary
This position oversees all security and information assurance efforts to secure a mission-critical system. The role entails managing the system’s security posture, leading the Risk Management Framework (RMF) lifecycle, and ensuring compliance with Department of Defense (DoD) cybersecurity policies. The individual will serve as the primary point of contact for system certification, accreditation, and Authority to Operate (ATO) activities, providing ongoing security assessments and documentation management.

Responsibilities

• Lead the implementation, documentation, and continuous monitoring of RMF controls to maintain system authorization.
• Serve as the main point of contact for all certification and accreditation (C&A) and Authority to Operate (ATO) activities.
• Maintain and update security artifacts in eMASS, including preparing and managing Plans of Action & Milestones (POA&M).
• Apply and maintain DISA Security Technical Implementation Guides (STIGs) across various system components such as Windows Server, Oracle databases, and IIS web servers.
• Perform and document vulnerability scans using ACAS and SCAP tools; coordinate remediation efforts to address vulnerabilities.
• Oversee enterprise-level system hardening, patching, and configuration baseline management, including Group Policy Objects (GPOs) and local security policies.
• Ensure the secure configuration of both hardware and software within a distributed IT architecture.
• Secure applications and data using Public Key Infrastructure (PKI) protocols.
• Troubleshoot network, database, and application connectivity issues impacting system performance or security.
• Draft and maintain critical security documentation, such as System Security Plans (SSPs), Standard Operating Procedures (SOPs), and change requests for the Configuration Control Board (CCB).
• Ensure ongoing compliance with all DoD patching and Information Assurance Vulnerability Management (IAVM) directives.
• Perform additional job-related duties as assigned.

Qualifications

• Bachelor’s degree in a relevant technical discipline.
• CompTIA Security+ certification (or equivalent DoD 8570 IAT Level II or higher).
• Demonstrated experience with DoD Information Assurance policies, including full lifecycle management of certification and accreditation (C&A) and maintaining an Authority to Operate (ATO).
• Proficient experience with RMF processes and managing artifacts within eMASS.
• Hands-on troubleshooting experience within a DoD environment for desktops, web servers, databases, or network infrastructure.
• Strong knowledge of DISA STIGs, vulnerability management tools such as ACAS and SCAP.
• Experience administering and securing Windows Server environments, including IIS web servers.
• Excellent technical documentation and communication skills.
• Ability to work effectively in a cybersecurity-focused environment with a detail-oriented approach.
• Active U.S. Security Clearance or the ability to obtain one.

Publishing Pay Range: $130,000 - $139,000 annually
This position is based on-site and requires employee to work on-site.