This position is located in Arlington, VA.
Position Summary: The Information System Security Manager is a hands-on information system security role within the Office of the CIO Information Assurance (IA) team of the Software Engineering Institute (SEI) that operates, monitors, and maintains accredited information systems. This is an opportunity for a cleared IA professional in the Arlington VA area with strong organization and communication skills and working experience with modern Windows system administration tools and operating techniques in a Windows-based accredited network. This position is responsible for facilitating and assuring that information systems in the Arlington VA office remain complaint with DoD and other USG regulations. The position works closely with SEI groups and outside sponsors to coordinate the certification and accreditation of accredited information systems.
Minimum Qualifications and Requirements:
Education/Training: Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent combination of training and experience. Current Microsoft server certifications; one or more of MCITP (Server & Client), MCSA, MCSE, etc.
Licenses: One or more of: CAP, CASP CE, Security+CE, SSCP, GSEC, CISM
Experience: Five or more (5+) years of system and network administration experience using modern system administration tools and operating techniques in an accredited production Microsoft Windows infrastructure. Prior experience as an ISSO / ISSM (IAO/IAM) in a small to medium-scale classified enclave. Experience as a system / network administrator for services under government cognizance (e.g., DISA, DSS); knowledge of the DOD STIGs and their application in establishing and operating information systems. Experience confirming audit records and STIG compliance for systems in an accredited Microsoft Windows infrastructure.
Skills/Abilities: Problem solving skills. Demonstrated knowledge of Windows operating system commands/utilities; demonstrated knowledge of system administration tools and processes such as those used to manage software, Group Policy Objects, and other aspects of Active Directory; demonstrated knowledge of server and network problem resolution based on examination of events/alerts and system monitors/logs.
Mobility: Normally sedentary but some business travel required (e.g., training, other SEI locations, etc.) Computer hardware installation and configuration required on an infrequent basis involving objects typically <= 30 pounds (heavier objects with assistance).
Environmental Conditions: Normal office condiditons, close contact with computer displays for prolonged periods of time.
Mental: Ability to identify, isolate and resolve systems problems. Communicate the nature of problems to different parties (e.g., system / network administrators, IA professionals, IT user support, etc.) to resolve technical issues, sometimes under pressure. Temperament and maturity to self-motivate and prioritize tasks with input from a remotely located manager.
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. Must meet and maintain DoD 8570-M readiness requirements within six (6) months of employment. Additional work hours (weekend and evening hours) may be required on an infrequent basis. May be required to stay at or return to work during incidents and/or emergencies to perform duties as requested.
Preferred Qualifications and Requirements:
Licenses: One or more of the following: Active CISSP (or Associate), GSLC, CISM.
Experience: ICD-501/503 experience; prior use of the ACAS tool chain, Security Content Automation Protocol (SCAP) validation tools, awareness of NISPOM IS-relevant rules, etc.
Accountability: Ensures server(s) and client stations are operating efficiently and resolves issues. Verifies that accredited systems maintain their prescribed configuration and addresses/reports deviations from same immediately. Recommends and performs modifications to enhance server/service performance and reliability.
Regularly communicates with the ISSO and ISSM as well as IT engineering group leaders in Pittsburgh to convey operational status information relevant to the services in scope.
Responsible for proper handling (e.g., safe storage, proper marking, approved destruction) of document and media used in the operation and maintenance of classified systems.
Responsible for providing information relating to equipment and facility needs each fiscal planning session to aid in budgeting expenses related to the operation of accredited systems in “closed” areas.
Participates in the development or revision of IS-specific security safeguards and local operating procedures to satisfy certification requirements. Works with the ISSM and ISSO in Pittsburgh to align policies to DC operations.
Direction: Works under limited supervision from a remote manager as part of the OCIO IA team.
Expected to act independently to maintain and securely operate accredited systems with guidance from the lead ISSM, FSO, and OCIO senior management. Draws guidance from relevant operational security guidelines / manuals, turning to the lead ISSM for clarification when needed.
Most work is performed independently, or in concert with the lead ISSM and appropriate IT staff.
Decisions: Must be able to identify user and systems issues and resolve trivial issues independently. Information Security issues and complex operational problems are handled in concert with the ISSO, ISSM and appropriate IT or Security staff.
Supervisory Responsibilities: No regular staff supervisory responsibilities.
Regularly inspects accredited systems and may task other IT personnel in order to address infractions or post-audit POA&M issues.
Will assist in the training process for new staff and users of accredited systems.
Job Functions or Responsibilities:
20% Installs, maintains, configures and upgrades accredited servers, workstations and network devices in accordance with most current STIG documents. Assists users to resolve problems related to closed area systems and services.
15% Reviews server logs directly or with analysis tools to discern operational anomalies, including operational threats (e.g., resource contention/exhaustion) and security concerns; addresses and/or reports these to IA colleagues or IT as appropriate.
15% Reports on the operational status of accredited information systems based on reviews and scans to accrediting agencies, possibly through established channels such as ACAS, HBSS, etc. Reporting is coordinated with the IA team in the Pittsburgh office.
10% Performs C&A duties including submission of accreditation documents. Drives IS related self-inspection activities and C&A / CCRI preparations. Primary interface to the local DSS IS representative.
10% Performs classified IS user indoctrination briefings and manages IT accounts / credentials of classified systems, including required recordkeeping (account lifecycle, DoD IAA training status, policy acknowledgements, etc.).
5% Functions as the secondary COMSEC custodian for the SEI Arlington (a/k/a DC) office responsible for device inventory, key management and loading, etc.
5% Supports the FSO to prepare for traditional security inspection activities, complete self-inspections, etc.
5% Performs limited FSO or CSSO duties in a backup capacity as directed.
10% Other IT / IA related duties as assigned by the OCIO.
5% Training and professional development to keep current with new technologies and regulations.
100% Total Effort
Organizational Chart: CIO < Deputy CIO < Information System Security Manager
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.