Draper Information Systems Security Manager (ISSM - Onsite) in Cambridge, Massachusetts
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance, including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off-site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now at www.draper.com/careers.
Equal Employment Opportunity
Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact email@example.com.
The Information Systems Security Manager (ISSM) will perform work for multiple Department of Defense (DoD) programs. This position can be either Specials or Collateral. The ISSM will work under the direction of the Cybersecurity Compliance Team Lead. The successful candidate must be knowledgeable about information technology and security principles. This is a multi-tasking environment that demands customer service, communication, and organizational skills.
Due to the nature of this work, this job requires on-site presence in Cambridge, MA. Flexible hours and/or schedules will be determined between the employee and hiring manager.
Perform oversight of the development, implementation and evaluation of information systems security program for assigned programs in compliance with either DAAPM or JSIG RMF.
Research and recommend integrated security solutions for multiple classified IS with various operating systems.
Assist with design & development of integrated security solutions.
Prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, RAR, SCTM).
Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
Apply and develop cyber security standards, directives, guidance and policies to collateral classified computing environments.
Investigate security incidents to include data spills, data integrity incidents, and malicious code incidents.
Ensure system security measures comply with applicable government policies (RMF, NIST, DISA STIGs, SCAP, DAAPM, JSIG)
Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
Provide support to other cybersecurity personnel for maintaining compliance with operating requirements.
ACTIVE DoD TOP SECRET Clearance (A clearance that has been active in the past 24 months is considered active)
DoD Directive 8570.1 IAM Level II or higher certification (CISSP preferred) or able to complete within 6 months of hire.
4+ years of experience as an ISSM implementing DAAPM, RMF, ICD 503, and/or JSIG IS requirements.
Experience with eMASS
Experience configuring and reviewing security functions of information systems including Windows 10, Windows 10/Server 2016, Linux, RHEL 7, and Cisco networking gear.
Familiarity conducting vulnerability scans (NESSUS or ACAS experience desired).
Experience conducting security analyses to include security configurations and risk assessments.
Experience with DAAPM and/or JSIG Compliance.
Experience working with DCSA as the AO (Authorizing Official)
Familiarity with Cybersecurity Maturity Model Certification (CMMC) to support DFARS requirements under 252.204-7012 for doing business with the DoD.
Understanding of virtual environments and containerization tools/technologies.
Familiarity with C2G/C2C interconnected systems and/or Unified/Enterprise Wide Area Network (WAN) environments to include Secure Internet Protocol Router Network (SIPRNet), Missile Defense Agency Classified Network (MDACNet), and Secure Defense Research Engineering Network (SDREN)
Top Secret Clearance required.
External Company Name: The Charles Stark Draper Laboratory Inc