Information Security Manager

Quantum Science Solutions
Arlington, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Arlington, United States of America

Tech stack

Xacta
Microsoft Word
Microsoft Excel
Amazon Web Services (AWS)
User Authentication
Bash
Burp Suite
Configuration Management
Computer Security
Information Systems
Computer Literacy
Customer Data Management
Linux
Identity and Access Management
Information Security Management
Python
Network Security
Microsoft Security Essentials
Microsoft Office
Microsoft Visio
Network Segmentation
NMap
Microsoft PowerPoint
Powershell
Role-Based Access Control
Amazon Web Services (AWS)
Zero Trust Network Access
Security Information and Event Management
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
AWS Lambda
Information Technology
Nessus
Splunk
Cisco networks
Vulnerability Analysis

Job description

Quantum Science Solutions (QSS) provides advanced cybersecurity services supporting mission-critical federal programs focused on protecting national cyber infrastructure. We are seeking an experienced Information Security Manager III to support a critical customer mission by managing Risk Management Framework (RMF) activities, Assessment and Authorization (A&A) efforts, and information security compliance across enterprise systems. The Information Security Manager will work closely with technical teams, Information System Security Managers (ISSMs), and cybersecurity leadership to support Authorization to Operate (ATO) activities, implement security controls, perform risk assessments, and ensure compliance with federal cybersecurity requirements., * Support the full Risk Management Framework (RMF) lifecycle for Information Technology systems.

  • Develop and maintain Assessment and Authorization (A&A) documentation including System Security Plans (SSPs), Contingency Plans, Incident Response Plans, and Configuration Management Plans.
  • Support Authorization to Operate (ATO) efforts from system initiation through authorization and continuous monitoring.
  • Manage and maintain Plans of Action and Milestones (POA&Ms).
  • Perform risk assessments and security analyses to identify vulnerabilities and recommend mitigation strategies.
  • Assist in implementing security controls for hardware, software, cloud, and network environments.
  • Support implementation of DHS and NIST cybersecurity policies, standards, and best practices.
  • Gather and analyze technical information related to system security architecture, infrastructure, and mission requirements.
  • Assist technical and program leadership with complex cybersecurity initiatives and security planning.
  • Coordinate cybersecurity activities across multiple technical teams and stakeholders.
  • Support security audits, assessments, and compliance reviews.
  • Respond to customer data calls and support cybersecurity reporting requirements.
  • Provide technical guidance and recommendations to project leadership.
  • Lead or support major cybersecurity initiatives requiring advanced technical expertise.
  • Collaborate with geographically dispersed teams to achieve mission objectives.

Requirements

  • U.S. Citizenship
  • Active TS/SCI Clearance
  • Ability to obtain DHS Suitability
  • 5+ years of directly relevant information security management experience
  • Hands-on experience with Linux operating systems or Amazon Web Services (AWS)
  • Experience supporting the NIST Risk Management Framework (RMF)
  • Experience supporting complete Authorization to Operate (ATO) efforts from initiation through authorization
  • Experience developing RMF documentation including SSPs, Contingency Plans, Incident Response Plans, and Configuration Management Plans
  • Strong experience managing Plans of Action and Milestones (POA&Ms)
  • Knowledge of Assessment and Authorization (A&A) processes
  • Knowledge of Computer Network Defense (CND) policies, procedures, and regulations
  • Understanding of defense-in-depth principles and network security architecture
  • Knowledge of ATO requirements and continuous monitoring processes
  • Experience implementing and assessing security controls across hardware, software, and network environments
  • Knowledge of authentication, access management, boundary protection, and network segmentation
  • Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, and Visio)
  • Ability to manage multiple complex assignments requiring sound technical judgment and innovation
  • Excellent written and verbal communication skills
  • Ability to work effectively across geographically dispersed teams

Preferred Skills

  • Experience with RMF management tools such as CSAM, Xacta, Archer, or RegScale
  • Experience with vulnerability scanning tools including Nessus, Security Center, Tenable Vulnerability Management, Nmap, Wiz, or Burp Suite
  • Experience with Endpoint Detection and Response (EDR) platforms such as CrowdStrike or Carbon Black
  • Working knowledge of SIEM and SOAR platforms including Splunk, ELK, or similar technologies
  • Familiarity with Zero Trust architecture
  • Knowledge of role-based access control (RBAC)
  • Experience with scripting or automation using Python, AWS CLI, AWS Lambda, Bash, or PowerShell, Bachelor's degree in Information Systems, Cybersecurity, Computer Science, Information Technology, or a related field. OR High School Diploma with 7+ years of directly relevant information security management experience.

Desired Certifications

  • DoD 8140.01 IAT Level III
  • CISSP
  • AWS Certification
  • Cisco Certification
  • Microsoft Security Certification

Benefits & conditions

  • Competitive compensation with annual performance bonuses
  • Premium Medical, Dental & Vision coverage
  • Generous PTO plus Federal Holidays
  • 401(k) with company match

Apply for this position