Washington DC

Senior information Systems Security Manager

Job Specs

Cyber Defense
District of Columbia, United States

Job Description: Senior Information System Security Manager

XOR Security is currently seeking several talented Senior Information Systems Security Manager to support an Agency-level Advanced Cyber Analytics team.


  • Manage ISSO efforts with respect to established duties
  • Serve as Derivative Classifier as required by location
  • Read and implement IA regulations and requirements per DOE-IN CISO’s direction; develop and maintain managerial, operational, and technical IA skillset
  • Comment on new ODNI/NIST standards / regulations as applies to client environment
  • Review A&A documentation (BOE) to assure accuracy and professionalism as well as compliance to ODNI requirements. Support development of Contingency Plan, Incident Response Plan, and Configuration Management Plan
  • Employ best practices when implementing security requirements within an information system including
  • Manages extensive evaluations of major information security networks, prepares evaluation reports, and presents recommendations. Conducts trade off analyses of products for clients to determine optimal informant security solutions
  • Prepares remedial options and supervise correction of information security shortfalls
  • Manage, maintain, and ensure successful implementation of Certification and Accreditation program
  • Ensure products and services comply with all appropriate (ITSEC) certification & accreditation requirements and best practices as prescribed by the ODNI, local authorities
  • Analyze scan results, and document findings for products as required to successfully complete Collateral and SCI-level security certification testing and evaluation (ST&E) as appropriate for the product
  • Prepare Security documentation in support of project tasks and as tasked for approved project requirements, which support successful completion of Collateral and/or SCI-level security testing and evaluation (ST&E) appropriate for the product, including but not limited to Authority of Operated (ATO), Authority to Test (ATT), Memorandum of Understanding (MOU), and Interconnection Security Agreements (ISA)
  • Assure that Personal Electronic Devices are properly configured for ingress into the SCIF and review for data acquisition/retention upon SCIF egress
  • Update PED documentation as required to be in-compliance with DOE-IN and IC policy
  • Develop/Update training material include refresh training, role specific training, task specific training
  • Respond to cyber incidents as defined in DOE-IN Incident Response and local SOP
  • Principle interface to IC-SCC with respect to incidents, forensic review and conclusion of investigation of all cyber related events.

Required Qualification:

  • Must possess 15 years of information assurance experience with a bachelor’s degree in a technical field. Five of the 15 years must be technical experience effectively providing network and/or system administration, information assurance security testing, and evaluation duties
  • Familiar/proficient in all security domains
  • 5 Years of C&A experience with, DCID 6/3, ICD-503, and/or NIST Framework
  • Knowledge of the IC, national level system security initiatives, and secure Information/Local Area Network (LAN)/Wide Area Network (WAN) technologies
  • Possess effective interpersonal and presentation skills; possess the ability to communicate in written and oral form; publication or presentation experiences are preferred
  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures
  • Possesses experience supporting the Intelligence Community (IC)
  • Experience with supporting the Joint Worldwide Intelligence System (JWICS)
  • Knowledge of cloud architecture
  • Preferred technical experience effectively provided network and/or system administration, and/ or computer operations
  • Knowledge of virtualization. Must possess CISSP, CISA or CISM certification
  • Active Top-Secret Clearance required

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and TOP SECRET/SCI CLEARANCE REQUIRED.