Information Systems Security Manager (ISSM) bei Metron

Metron is seeking an experienced Information Systems Security Manager (ISSM) to manage and maintain cybersecurity compliance for classified information systems. The ISSM will oversee all aspects of authorization, accreditation, and continuous monitoring under the DoD Risk Management Framework (RMF), ensuring full compliance with Defense Counterintelligence and Security Agency (DCSA) requirements and other applicable federal security standards.

Responsibilities:

• Manage the lifecycle of Assessment and Authorization (A&A) activities in accordance with RMF, JSIG, and DoD policy.
• Prepare, maintain, and update System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), and associated artifacts.
• Serve as primary liaison with internal stakeholders and DCSA, as well as other governing bodies, to coordinate assessments, inspections, and authorization packages.
• Ensure system configurations, network architectures, and operational practices remain compliant with applicable security baselines and STIGs.
• Lead and document continuous monitoring (ConMon) and vulnerability management activities for classified systems.
• Oversee implementation of corrective actions and manage Plan of Action and Milestones (POA&M) tracking.
• Support future classified communications link establishment (e.g., SIPRNet, JWICS, secure video, and voice systems).
• Provide guidance to system administrators and engineers on secure configuration management and audit practices.
• Maintain awareness of evolving DoD, NIST, and DCSA cybersecurity policies and integrate updates into security documentation and controls.

Required Qualifications: 

• Active Top Secret clearance (with current SSBI or Tier 5 investigation).
• Demonstrated experience supporting DCSA authorization and assessment processes.
• Hands-on experience using eMASS to manage RMF packages and artifacts.
• Experience managing COMSEC material and equipment, including understanding of key management procedures, safeguarding requirements, and incident reporting in accordance with DoD and DCSA policy.
• Experience working in SCI and SAP environments.
• Strong knowledge of NIST SP 800-53 security controls and RMF implementation.
• Proven experience managing Windows server and desktop environments in classified domains.
• Experience performing continuous monitoring and cybersecurity hygiene activities across network enclaves.
• Experience designing, implementing, and maintaining secure system architectures and enclaves.
• Excellent written and verbal communication skills, including the ability to prepare detailed security documentation.

Desired Qualifications        

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.
• Minimum of 4 years of experience as an ISSO, ISSM, or system security professional supporting classified systems.
• Experience with Linux operating systems.
• Familiarity with NISPOM, DFARS 252.204-7012, and FISMA requirements.
• Network administration experience (Cisco or equivalent).
• System hardening and STIG compliance experience.
• One or more of the following certifications: CISSP, CISM, CAP, CASP+ CE, GSLC, or CCISO.

Position Location:  Reston, VA