Overview:

Quantum Research International, Inc.(Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and (8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Shalimar, FL; and Tupelo, MS.

Mission:

As a member of the NGA DEFENDER Cross Domain Governance team, Information Systems Security Manager supports the Cross Domain Support Office which governs delivery of cross domain capabilities at mission speed, defends NGA's classified networks, enables federated cross domain services, and develops cross domain expertise throughout NGA. Ideal candidate will support the development and maintenance of a Government approved NGA Cross Domain Strategic Plan that includes an Enterprise Cross Domain Service (ECDS) Provider Roadmap, NGA Cross Domain Consolidation Plan, and CDSO Communications Plan. The Contractor shall support the development, maintenance, and implementation of a Government approved Cross Domain Support Office Governance Concept of Operations (CONOPS) with a common, reusable framework for governing all Cross Domain systems in NGA, to include, but not limited to: Standardized Rule Sets for Cross Domain Data Flows and a Cross Domain Filter Policy Catalog and Repository. This position is available immediately and supports the National Geospatial-Intelligence Agency (NGA) offsite in a contractor facility in the National Capitol Region (NCR) near NGA headquarters in Springfield, VA.

Responsibilities: Will support the customer CIO as responsible agent for the cybersecurity of a NGA program, organization, system, or enclave.

Specific responsibilities include:

• Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture and cost/benefit analysis of information security programs, policies, processes, systems, and elements.
• Collect and maintain data needed to meet system cybersecurity reporting.
• Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
• Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Identify information technology (IT) security program implications of new technologies or technology upgrades.
• Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
• Interpret and/or approve security requirements relative to the capabilities of new information technologies.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Lead and align information technology (IT) security priorities with the security strategy.
• Lead and oversee information security budget, staffing, and contracting.
• Manage the monitoring of information security data sources to maintain organizational situational awareness.
• Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
• Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
• Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
• Oversee the information security training and awareness program.
• Participate in an information security risk assessment during the Security Assessment and Authorization process.
• Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered and track audit findings and recommendations to ensure that appropriate mitigation actions are taken.

Requirements:

• Associate's degree or higher desired in an accredited Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering; or a degree in a Mathematics or Engineering field.
• Knowledge of computer networking concepts and protocols, network security methodologies, and risk management processes (e.g., methods for assessing and mitigating risk).
• Experience with laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

• Expertise with assessing the impact of cyber threats and vulnerabilities and the potential impacts of cybersecurity lapses.
• Knowledge of encryption algorithms, data backup and recovery, business continuity and disaster recovery continuity of operations plans, and host/network access control mechanisms (e.g., access control list, capabilities list).
• Understands cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• Expertise with incident response and handling methodologies, as well as intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Understands system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Experience with server administration and systems engineering theories, concepts, and methods; server and client operating systems; and system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Experience with information security program management and project management principles and techniques, and supply Chain Risk Management Practices (NIST SP800-161).
• Expertise with system administration, network, and operating system hardening techniques.
• Experience with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Understands security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services, and penetration testing principles, tools, and techniques.
• Knowledge of controls related to the use, processing, storage, and transmission of data.
• Ability to translate the organization's core business/mission processes as related to policy.
• Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
• Exposure to external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
• TS/SCI eligible, subject to CI Polygraph.
• IAT, IAM, or IASAE Level 3

Desired/Preferred Skills

• Create policies that reflect system security objectives.
• Determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Evaluate the trustworthiness of the supplier and/or product.
• Apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
• Ability to conduct administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
• Prepare plans and related correspondence and develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.