UF Information Technology (UFIT) is currently seeking an Information System Security Manager (ISSM) to join the Information Security Office (ISO), a unit of UFIT, to support UF's expansion into the area of proprietary, applied and classified (PAC) research.
The ISSM will be a member of the ISO solely dedicated to Florida Applied Research in Engineering (FLARE). This position requires the ISSM to perform all processes and procedures necessary to comply with the National Industrial Security Program Operation Manual (NISPOM) and the Defense Security Services Assessment and Authorization Process Manual (DAAPM), in accordance with University of Florida policies and standards, in order to ensure the safe development of the FLARE information system assets and to protect systems from intentional or inadvertent access or destruction.
While participating in the full software development life-cycle, you will:
- Serve as the principal advisor on all matters, technical and otherwise, involving the security of the Information Systems for the Florida Academic Repository (FLARE)
- Be accountable for the implementation of the UF Risk Management Framework (RMF) for FLARE
- Ensure the fulfillment of the Information Owner (IO) data requirements, such as storage, processing, AFT, incident response, collection, dissemination, and disposal
- Develop incident management, change management and the Continuity of Operations Plan (COOP) for the information systems for FLARE
$85,000 – $95,000 annually; commensurate with education and experience.
In addition, the University of Florida offers a very competitive benefits package.
To qualify, the applicant must have completed a Bachelor’s degree in an appropriate area and have four (4) years of relevant experience. Appropriate college coursework or vocational/technical training may substitute at an equivalent rate for the required experience, but does not negate the minimum degree requirements.
An active DoD Secret Security Clearance. DoD 8570 Compliance.
In addition to the minimum requirements, it is strongly preferred that applicants will have:
- Intermediate level knowledge of client/server, network topology, network/infrastructure security, network operating systems, and web technologies
- Understanding of Risk Management frameworks as described in NIST SP 800-37
- Knowledge of security and privacy requirements such as FISMA Security Requirements and their effects on delivering software to Federal Agencies
- Familiarity with multi-platform environments and their operational/security considerations
- Working knowledge of operating systems such as Linux, Windows, UNIX
- Working knowledge of databases such as MySQL, Mongo, Oracle, and AWS RDS
- Working knowledge of LDAP, Active Directory and other Identity Providers
- Understanding of middleware and web servers such as Apache, IIS, and JBoss
- Intermediate level problem-solving skills as well as teamwork and communication skills including speaking and writing skills
- Communication skills and knowledge of industry trends
- Minimum of 7 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web monitoring tools, techniques, and threats
- Preference is for candidates with a background in systems administration
- Experience implementing and supporting infrastructures that meet and adhere to the controls defined in the DoD Intelligence Information System (DoDIIS) – Joint Security Implementation Guide (DJSIG) and the DoD Joint Special Access Program Implementation Guide (JSIG). Successful experience implementing and supporting the Risk Management Framework (RMF) as defined in the above directives is required.
- Experience implementing and supporting Defense Information System Agency (DISA) Secure Technical Implementation Guides (STIG) for Red Hat Linux and Microsoft Windows Server Operating Systems
- Experience with the use of NIST SP 800-53r4 for SSP documentation
- Experience in application development lifecycles
- Experience engaging with large engineering, development, and operations teams
- Understanding of and experience with vulnerability scanners, including static, dynamic, host, OS, and database scanners such as Nessus
- IAM Level III Certification (GSLC, CISM and/or CISSP)
- Institutional knowledge of the University of Florida’s IT environment and information systems
- Flexible in work style and able to work in an open workspace environment