Overview
BigBear.ai is seeking a Staff Level Information Systems Security Manager. As the Information Systems Security Officer (ISSO), this role is responsible for the cybersecurity of a program, organization, system, or enclave and will report directly to the BigBear.ai Chief Information Security Officer (CISO).
Onsite 2-5 days a week in Chantilly, VA. The number of days onsite will vary depending on the week.
What You Will Do
- Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
- Advise senior management (e.g., CISO, CIO) on risk levels and security posture.
- Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Communicate the value of information technology (IT) security to stakeholders at all levels of the organization for the relevant enclave(s).
- Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
- Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
- Identify alternative information security strategies to address organizational security objectives.
- Identify information technology (IT) security program implications of new technologies or technology upgrades.
- Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
- Manage the monitoring of information security data sources to maintain organizational situational awareness.
- Oversee the information security training and awareness program.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
- Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
- Recognize a possible security violation and take appropriate action to report the incident, as required.
- Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
- Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
What You Need To Have
- Bachelor's Degree and 2 to 5 years of experience; or
- Master's Degree and 0 to 3 years of experience; or
- In lieu of a degree, 8 to 10 years of additional experience
- Clearance: must possess and maintain an active Top Secret clearance
- Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
- Experience working with NIST 800-53 and NIST RMF
- Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for national security systems.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of measures or indicators of system performance and availability
- Skill in creating policies that reflect system security objectives.
- Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Knowledge of current and emerging threats/threat vectors.
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Understanding of threats to Cleared facilities
- Understanding of Safeguarding and Handling Procedures for classified information
- Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
- Knowledge of penetration testing principles, tools, and techniques.
- Understanding of Continuous Security Monitoring
What We'd Like You To Have
- TOP SECRET/SCI with poly
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Knowledge of network traffic analysis methods.
- Knowledge of server and client operating systems.
- Knowledge of the organization's enterprise information technology (IT) goals and objectives.
- Experience implementing DISA STIGs
- Experience working as an ISSM for a federal contract
About BigBear.ai
BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on BigBear.ai’s predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in Columbia, Maryland, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.