Information Systems Security Manager

Last updated 4 days ago
Location: Reston, Virginia
Job Type: Full Time

The security of our nation and preservation of our nation’s interest are critical to the safety and prosperity of the United States. The Microsoft Corporation is proud to have the opportunity to serve as a trusted company of high-risk systems and is seeking a qualified candidate to join our National Security organization as an Information Systems Security Manager (ISSM) in Reston, Virginia.

Implement Government Cyber Security policy and provide guidance (e.g., NIST, NISPOM, DAAPM). Partner with the facility FSO/CSSO to establish goals, gather performance metrics, document and streamline relevant processes, and execute strategies that enable business. Engage with engineers and program managers to perform assessments of systems and networks within an environment, and identify deviations from DoD/DISA-defined acceptable configurations or local policy. Ensure Information System (IS) assessments are achieved through passive evaluations such as compliance audits and active evaluations. The ISSO will also be accountable to co-lead efforts to establish strict program control processes to ensure mitigation of risks.

If you have experience implementing NIST RMF requirements for National Security Systems, this is an exciting opportunity, and you are encouraged to apply today.

Security Clearance Requirements: The successful candidate must be a United States citizen and have eligible or active US Government TS Security Clearance and the ability to pass a polygraph. Candidate must be able to travel to customer sites as required. The selected candidate must be able to start within 30 days of offer acceptance.


Core Responsibilities:

Program control processes or content for assessment artifacts in scope will include:

  • Process, maintain and execute investigations to meet DoD and IC systems requirements on system security plans (SSP)
  • Maintain knowledge in system controls for system accreditations
  • Understand engineering requirements to apply controls in compliance with the NIST Risk Management Framework (RMF)
  • Coordination with engineering leadership to enable delivery of Microsoft products & services and provide effective incident response
  • Continuous Monitoring, test development and validation testing to enable communication to DoD and IC customers
  • Develop, create, implement, and support physical and operations security (OpSec) policies, plans, processes and training material that position the FSO/CSSO offices to operate in a manner that is compliant with relevant U.S. Government (and/or other unique environment) security standards and requirements for the physical design, construction, and operation of highly confidential and regulated projects
  • Document and improve processes around confidentiality, security, and compliance to ensure the work that is being done is conducted per Government standards
  • Monitor and audit field sites and supplier processes and methods to assess the state and health of physical and program security
  • Represent Microsoft by collaborating with external entities and the U.S. Government
  • Required to travel throughout the metro DC area to maintain system accreditation


Basic Qualifications:

  • Eligible or active TS Security Clearance, with polygraph preferred
  • 5 years of relevant experience, or 2 years of experience with applicable bachelor’s degree
  • At least one year of direct experience with an intelligence community or signals intelligence activity
  • The successful candidate will possess excellent communication and presentation skills and be able to interface effectively with employees and customers of all levels
  • Ability to travel to customer locations upon request
  • Practical knowledge of DCSA’s Risk Management Framework (RMF)

Preferred Qualifications:

  • Bachelor’s degree in Computer Science, Information Systems, Data Science, Engineering
  • Current IAM DoD Level 1 Security certification (CAP, GSLC, or Security+ CE)
  • 2 years of information assurance experience, including evaluating, testing, certifying and accrediting of classified and sensitive but unclassified information systems as well as Commercial Off The Shelf (COTS) and Government Off The Shelf (GOTS) products.
  • SAP (nice to have) and 2 years of network/system administration.
  • Experience with analysis and evaluation of both hardware and software in support of Intelligence Community (IC), Department of Defense, and other Federal Government Agencies.
  • Experience assessing and auditing network penetration testing, antivirus planning assistance, risk analysis and incident response.
  • Experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resultant security risk analysis.
  • Experience or knowledge of construction for a secure area, ICD 705
  • Experience managing COMSEC, keying devices, lifecycle planning.
  • CISSP, CISM, or PMP certification strongly preferred

If hired for this position, the team you would be joining is part of our Cloud organization and/or works with government contracts and as such has a unique background check requirement, detailed below. Please note you will be provided with steps for completing the check if you accept a role on the team.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening(s):

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

The successful candidates must have an active U.S. Government Top Secret Clearance. Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. Failure to maintain or obtain the appropriate clearance and/or customer screening requirements may result in employment action up to and including termination.

Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.