Security Info. Assurance / Cybersecurity Analyst, Senior in Dayton, OH

$150K - $200K(Ladders Estimates)

PE Systems   •  

Dayton, OH 45402

Industry: Technical Services

  •  

11 - 15 years

Posted 56 days ago

ESSENTIAL AREA OF RESPONSIBILITY:

All areas of responsibility listed below are essential to the satisfactory performance of this position, with reasonable accommodation, if necessary. Work responsibilities may vary, depending upon assignment. Work is located on Wright-Patterson Air Force Base, OH

GENERAL FUNCTION:

General Information

· Assist in ensuring implementation of DoD, USAF and MAJCOM policies and update local processes and procedures necessary to support day-to-day operations.

· Assist the USG to organize, coordinate, identify, and satisfy the IA/ Cybersecurity requirements consistent with DoD policies, standards, and system architectures.

· Assist in formulating architectural design, functional specifications, interfaces and documentation of hardware or software systems.

· Utilize the RMF to support Authorization and Accreditation (A&A) of assigned systems. The Contractor shall assist in the monitoring of systems throughout the lifecycle management process from concept to decommission.

· Provide assistance in developing, modifying, reviewing, and coordinating IT Categorization Determination packages, Information Assurance Strategies (IASs), Information Assurance Plans (IAPs), PPPs, SSPs, Information Assurance Assessments, System Assessments, Interconnection Security Agreements (ISAs), Verification and Validation testing, Development and Design, requirements identification, Baseline Control selection, Applicability Assessments, Mitigation Strategies, Milestone Requirements Assessments, Configuration Management reviews, Continuous Monitoring, IA Liaison functions between the Developer, User Community and Program Management, leading the IA Integrated Process Team (IAIPT). The Contractor shall assist with the development of specific artifacts for program reviews and the review of IA requirements in the development and assessment of RFPs and ECPs. The Contractor shall assist with the evaluation of technical implementations of security designs to ensure that securitysoftware, hardware, and firmware features affecting confidentiality, integrity, availability, accountability, and non-repudiation have been implemented as documented in the JSIG (current version)/NIST 800-53 or while meeting the IA/Cybersecurity requirements of DoD Instruction 8500.01, Cybersecurity, DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), DoD Instruction 5200.39, and Air Force Instruction (AFI) 33-210, Air Force Certification and Accreditation (C&A) Program (AFCAP), as well as DCID 6/3, and JSIG requirements.

Systems and Applications

· Shall have a working knowledge of telecommunications concepts and principles, operating modes, systems, media, equipment, equipment configuration, and related software systems, processes and procedures to assess and advise on vulnerability to attack from a variety of sources (e.g., espionage, disruption of services, destructive programs/applications) and procedures and methods for protection of systems and applications.

· Apply understanding of computer science principles, information management principles, automated data processing (ADP) functions and plans, hardware and software systems' structures and operation, and computer programming languages and techniques to assist in the resolution of automation problems.

· Assist in interfacing with and using minicomputer and mainframe computer systems in addressing project objectives.

· Use standard or conventional approaches, methods and techniques to assist in defining, planning, organizing, designing, developing, modifying, testing and integratingdatabase or data processing systems, computer hardware systems and simulation models.

· Assist in formulating architectural design, functional specifications, interfaces and documentation of hardware or software systems.

· Use detailed specifications and adapt standardized techniques, methods, criteria and precedents to assist in developing or modifying portions of a system or program.

· Provide recommendations for state-of-the-art storage and data retrieval implementation methods as well as formulate functional requirements for information systems.

Information Assurance/Cybersecurity

· Assist in the modification of the Acquisition IA/ Cybersecurity Strategy for external systems.

· Assist the USG to organize, coordinate, identify, and satisfy the IA/Cybersecurity requirements consistent with DoD policies, standards, and system architectures.

· Apply knowledge of computer science principles, information management principles, Automated Data Processing (ADP) functions and plans, hardware and software systems' structures and operation, and computer programming languages and techniques to assist in the resolution of automation problems.

· Assist in the evaluation of different versions of security software for the USG's automated systems.

· Assist with monitoring information system activities to ensure system integrity; establishing reaction and maintenance control for the facility; and assist in performing system access or revocation tasks.

· Report system security incidents, classified message incidents, vulnerabilities, and virus attacks IAW AFSSI 5021.

· Assist in ensuring information systems are cleared or sanitized IAW AFSSI 5020.

· Provide assistance in developing, modifying, reviewing, and coordinating system PIT determination packages, IASs, IAPs, SSPs, Information Assurance Assessments, System Assessments, ISAs, Verification and Validation testing, Development and Design, requirements identification, Baseline Control selection, Applicability Assessments, Mitigation Strategies, Milestone Requirements Assessments, Configuration Management reviews, Continuous Monitoring, IA Liaison functions between the Developer, Simulators Division, User Community and Program Management.

Program Security

· Provide program protection and system security input for SOOs, PWSs, RFPs, and CDRLs.

· Assist in the integration of US export and technology control laws, DoD/Air Force policy and instructions, and other applicable guidance into program protection planning.

· Recommend changes to DoD, Air Force and program security policy and instructions.

· Assist with developing and maintaining time-phased, event-driven SCGs & PSDs.

· Assist with monitoring and reviewing trade studies designed to balance program security risks with costs to the program.

· Assist with designing cost-effective approaches for integrating security requirements into weapon system contracts.

Critical Information

· Assist in the evaluation of security and administrative procedures associated with handling unclassified Critical Program Information/Critical Information (CPI/CI) and classified material.

Classified Information

· Assist in conducting analyses of procedures regarding the handling, controlling, storage and disposition of classified or critical weapon system hardware.

· Assist in producing reports on the results of the analyses, including recommended actions, in either electronic or written form.

Cybersecurity SME

· Shall be DoD 8570 - IAM II compliant (No waivers).

· Demonstrate an advanced understanding of the Risk Management Framework (RMF) and shall apply it within the context of training simulations mission objectives.

· Identify and recommend potential areas where existing data security policies and procedures may require change, or where a supplement is required to mitigate keysecurity risks.

· Assist in implementing the JSIG or ICD 503 (a.k.a. Risk Management Framework) requirements to include technical computer/network system auditing.

· Ensure communication to the ISSMs and Simulators Program Office Cyber leadership and the Program Managers during the lifecycle of the Authorization to Operate (ATO) period; especially if a time arises when the ATO is in jeopardy of not being granted.

· Possess knowledge and experience in providing oversight and execution of the Assessment & Authorization processes (a.k.a. Certification & Accreditation).to assist with ensuring the ISSMs clearly understand their duties as described in the PWS and mentor them to satisfactorily accomplish those duties

· Establish and maintain effective professional working relationships with co-workers, and customers.

· Follow policies and procedures as described in corporate manuals and directives.

· Attend work each day during scheduled work hours unless on approved travel or time off.

· Perform occasional travel to contractor and customer sites, as required (see WORKING CONDITIONS below).

· Work flexible hours, including occasional overtime.

· Carry out other duties as may be assigned or requested.

QUALIFICATIONS:

Education/Certifications/Experience/Skills:

· Shall have a working knowledge of the Risk Management Framework (RMF) process; information system concepts and principles; control families; media; equipment; equipment configuration; and related software systems, processes and procedures to assess and advise on vulnerability to attack from a variety of sources (e.g., hacking, disruption/denial of services, destructive programs/applications) and procedures and methods for protection of systems and applications.

· Assist in ensuring that personnel accessing information systems have the proper cybersecurity certification to perform cybersecurity functions in accordance with the current version of DoD 8570.01-M, Information Assurance Workforce Improvement Program, and AFM 33-285 Cybersecurity Workforce Improvement Program. This applies to those tasks supporting any cybersecurity function.

· Assist in preparation of corrective actions, when necessary, to enforce the requirements within DoD 8570.01.

· Must have Certification to IAM level II as defined in AFM 33-285 and DoD 8570.01; and a Bachelor's degree in a Science, Technology, Engineering, Math, Cybersecurity, or Computer Science field of study and 10 – 15 years of experience specifically in cybersecurity or information assurance.

· Must possess an active DoD Secret Clearance

· Must be proficient in the use of Microsoft Office Applications (Outlook, Word, Excel, PowerPoint and Access), Microsoft Internet Explorer, and other standard (Customer specified) applications.)

· Must be able to transport self to various facility sites, as required. If using own motor vehicle, must possess a valid driver's license and proof of insurance.


Valid Through: 2019-10-17