L3Harris

Job Title:   Sr Specialist, Cyber Intelligence - ISSM (TS)

Job Code:   9327

Job Location:  Washington, DC

Job Description:

L3Harris has an immediate opening for a Sr Information Systems Security Manager (ISSM) responsible for the development, deployment and execution of controls and defenses to ensure the security of company/customer technology, information systems, and system deliverables. The ISSM develops and implements appropriate standards and criteria for hardware, software, access and encryption requirements. Establishes system security designs and validates compliance requirements.

Essential Functions:

• Subject matter expert with comprehensive knowledge of job area and in-depth knowledge of project management. Manages large, complex project initiatives of substantial importance tothe organization with minimal oversight or direction. Communicates within and outside of the organization to explain and influence changes to practices, processes and approaches.
• Assesses and mitigates system security threats and risks throughout the program life cycle.
• Performs system certification and accreditation planning, testing, and validation activities in coordination with government customers.
• Supports secure systems operations and maintenance.
• Conducts internal information technology system audits and risk assessments and reports findings and recommendations for corrective actions to management. Executes first level responses and addresses reported or detected incidents.
• Investigates and analyzes all response activities related to cyber incidents. Interprets, analyzes, and reports all events and anomalies in accordance with directives, to include initiating, responding, and reporting discovered events. Safeguards information against unauthorized use, infiltration, exfiltration, modification, destruction or disclosure of national security information.
• Makes significant improvements in processes, systems, or products. Provides input into new products/processes and implements operational plans that have measurable impact on business or functional results.
• Work is guided by individual annual goals and objectives with minimal oversight or direction. Frequently responsible for providing guidance, coaching and training to other employees across the Company within area of expertise. Work to achieve operational targets with direct impact on departmental results. Contribute to development of goals for department and planning efforts (budget, operational plans, etc.).
• Work consists of making significant improvements of processes, systems, solutions, or products to enhance performance of job area. May develop new concepts or standards. Opportunities for problem solving and innovation are undefined, where information is difficult to obtain.
• Conducts extensive investigation to understand root cause of problems. Problems span a wide range of difficult and unique issues across the function and/or business area.
• Analyze and administer security controls for information systems.
• Safeguard the network against unauthorized infiltration, modification, destruction or disclosure.
• Research, evaluate, test, recommend, communicate and implement new security software or devices.
• Implement, enforce, communicate and develop security policies or plans for data, software applications, hardware, and telecommunications.
• Collaborate with system administrators to ensure implementation of device and system hardening following Defense Information Systems Agency (DISA) and National Institute of Standards and Technology (NIST) guidelines.
• Identify non-compliant system security controls and develop Plans of Action and Milestones (POA&Ms).
• Coordinate remediation of technical and non-technical security control deficiencies.
• Assist in investigation of security incidents such as data spills, data integrity, and malicious events.
• Provide details for developing Information System Security (ISS) Risk Management Framework (RMF) documentation (SSP, SAR, RAR, SAP, SCTM, POA&M, etc.) to support the Assessment & Authorization (A&A) of assigned systems.
• Performs ISS controls assessments as part of the systems’ Continuous Monitoring Plan
• Oversee configuration management of assigned systems and perform periodic hardware/software inventory assessments.
• Document annual ISS Self Assessments.

Qualifications:

• Bachelor’s Degree and minimum 6 years of prior relevant experience. Graduate Degree and a minimum of 4 years of prior related experience. In lieu of a degree, minimum of 10 years of prior related experience.
• 4+ years of experience in Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solutions.
• 4+ years’ experience as an ISSM (or equivalent position) overseeing cybersecurity on classified systems, applying RMF controls under NIST 800-53, ICD503, JSIG.
• Experience with Microsoft Windows 10, Red Hat Enterprise Linux/Unix Information System Security requirements to include archiving audit log data.
• DoD 8570.01 IAT Level II certification required such as Security+ or CISSP.
• Active Top Secret security clearance with SCI eligiblity.

Preferred Additional Skills:

• Active TS/SCI security clearance.
• Experience running security compliance scans and interpreting vulnerability scanning results (Nessus, SCAP).
• Experience completing DISA Security Technical Implementation Guidelines (STIG) checklists.
• Experience reviewing workstation, server, network device, and Intrusion Prevention System (IPS) logs using security information and event management (SIEM) tools.
• Active Offensive Security Certified Professional (OSCP).