Where applicable, confirmation that you meet customer requirements for facility access which may include proof of vaccination and/or attestation and testing, unless an accommodation has been approved.

Secure our Nation, Ignite your Future

ManTech is seeking a Cyber Policy Analyst to support our operations in Virginia Beach, VA.

Basic Overview:

The Cyber Policy Analyst position will conduct Risk Management Framework (RMF) assessments using the DoD RMF Process to support efforts in obtaining Authority To Operate (ATO) for new and existing systems. Upon obtaining ATO's the Policy Analyst shall work with customers to monitor security controls and assist in implementing strategies for monthly patching, scanning, annual security reviews, and triennial reauthorizations.

This position will also work within a team construct that is focused on developing a strategy for authorizing systems and Platform Information Technology in tactical maritime environments. Additionally, this position will provide cybersecurity engineering support during system design and development to help facilitate Assessment and Authorization success for the fielded system.

Requirements Include:

• Strong knowledge of Information Technology (IT) policy and compliance methodology
• Demonstrated skills in performing process/control walkthroughs and control testing, and creating procedure narratives and flowcharts
• Demonstrated interpersonal skills, excellent oral and written communication skills, analytical skills, problem solving and organization skills
• Experience in the Cybersecurity area or Information Assurance (IA) supporting DoD or federal programs, including DIACAP and RMF, such as accreditation package development and security control testing or validation
• Experience with Enterprise Mission Assurance Support Service (eMASS) and the associated data input in support of the RMF process
• Experience with DoD Secure Technical Implementation Guidance (STIGs), checklists, and Security Requirements Guides (SRGs) in addition to reporting compliance via the Vulnerability Remediation Asset Manager (VRAM)
• Experience with developing A&A policy, guidance, or procedures
• Experience in support of various inter-related IT systems and services, including HBSS and configuration reviews, database security, cross domain solutions, and vulnerability scanning
• Requires strong writing skills.
• Requires experience with use of Microsoft Excel.
• Candidate must be very detail oriented.
• A minimum of five years of related experience is required, two of which must be specialized in IA.

Education/Clearance/Certification Requirements:

• Secret clearance - preferred with SSBI
• Current CISSP Certification
• CompTIA Security+ CE (CISSP Preferred)
• Operating system certification (Windows Server) or proof of training (certificate)
• Bachelor's Degree in Computer Science, Information Assurance, Information Systems, or other related scientific or technical discipline is preferred. Work experience or industry certifications demonstrating technical proficiency may be substituted for education requirements.
• Certification in industry recognized areas would include Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC GSLC, or Security+
• Level 2 Validator Certified

Preferred Qualifications:

• Bachelor's Degree
• At least 5 years' experience in vulnerability compliance and remediation reporting.
• At least 2 years' experience in maintaining system Plan of Action and Milestones (POA&M).
• At least 2 years' experience in Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) validation and compliance reporting.
• At least 2 years' experience in National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
• At least 2 years' experience in Department of Defense (DoD) Enterprise Mission Assurance Support Service (eMASS).
• Security clearance of Secret - Active with SSBI preferred

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click [email protected] and provide your name and contact information.