Information Assurance Systems Engineer

Location:

Dayton, OH

Time to Fill:

Position Filled

Clearance:

yes

Type:

Full-Time Employee

Responsibilities:

  • Support the Live, Virtual, and Constructive Operational Training (LVC-OT) cybersecurity strategy.

  • Conduct and review cybersecurity operations to include all RMF steps, activities, and tasks to perform Assess and Authorize (A&A) and Assess-Only processes in support of simulator ATSs, MTSs, systems, networks, and ranges.

  • Produce, maintain, track, and upload RMF documents and artifacts into the Enterprise Mission Assurance Support Service (eMASS). Support RMF IAW the RMF Knowledge Service (KS) to ensure Information Assurance (IA) and Computer Security are incorporated throughout the simulator’s architecture system development life cycle (SDLC) at all classifications. Document security controls in all security control families in eMASS. Ensure non-compliant and non-applicable controls are updated according to the Authorization to Operate (ATO). Create and generate RMF documents and artifacts, e.g., Information Technology Categorization and Determination (ITCD), System Security Plan (SSP), Plans of Action and Milestones (POA&M). Determine if system artifacts are complete and accurate.

  • Support Information Owners (IOs). Achieve consistent application and implementation of security policies, countermeasures, and procedures under development and fielded at user sites. Standardize non-technical assessment policies and procedures.

  • Support simulator programs' ISSMs, ISSOs, and ISSEs. Provide cybersecurity expertise and services. Verify ISSOs are appointed in writing and verify they follow cybersecurity policies and procedures. Develop and maintain organizational and program cybersecurity architecture, requirements, objectives and policies, and cybersecurity processes and procedures. Manage and update RMF cybersecurity information to include verifying artifacts are entered in eMASS.

  • Support Security Control Assessor (SCA), SCA Representative (SCAR), and/or Associate Security Control Assessor Representative (ASCAR). Provide technical expertise and cybersecurity services to augment and functions throughout all security development lifecycles performed within a simulator program's SDLC. Develop and implement Common Control Provider security controls and an eMASS program of record. Develop and distribute Best Practices and Lessons-Learned to the entire simulator fleet.

  • Increase the security posture of programs. Ensure security controls are implemented and working per the ATO. Recommend risk mitigation procedures and countermeasures when a cybersecurity incident or vulnerability is discovered. Ensure a process is in place for users to report all cybersecurity threats, vulnerabilities, and incidents, whether actual or suspected, to authorities (e.g., ISSO, ISSM, PM). Assess the accuracy and completeness of RMF authorization packages IAW the Package Approval Chain (PAC) in eMASS. Reduce the Control Approval Chain (CAC) security control rejection and rework. Provide a centralized management approach to create, update, track, and monitor POA&Ms through resolution of security findings.

  • Conduct fully-credentialed vulnerability and compliance scans using automated tools (e.g., ACAS, Security Content Automation Protocol (SCAP) Security Checker (SCC), HBSS). Implement, configure, operate, and generate reports using the tools. Perform vulnerability and compliance testing of simulator system security features, and witness processes related to each IA/security control. Verify compliance with DISA Security Technical Implementation Guides (STIG), audit files, and DISA STIG SCAP Benchmarks. Conduct regression scans and provide results to ISSMs, ISO, SCAR, SCA, and Authorizing Official (AO). Provide and coordinate classified transport of tools to operationalize on-site simulator scan operations. Recommend patches, hot fixes, and countermeasures to mitigate high and critical findings.

  • Support the Tier 3, depot-level sustainment and maintenance activity for SENTRI scan solutions. Create, maintain, and publish scanner installation and configuration guides and scanner user's guides.

  • Provide Simulator Common Architecture, Requirements, and Standards (SCARS) cybersecurity support.

  • Travel to simulator program sites. Provide cybersecurity support and services to site personnel. Promote and improve simulator security postures and compliance with cybersecurity policies. Assess current cybersecurity operations. Conduct analysis of findings on unclassified and classified networks and systems. Document simulator security postures to ensure a robust cybersecurity program that complies with National, Federal, Department of Defense, and Air Force policies and procedures.

  • Develop and provide IA, Cybersecurity, RMF, and SENTRI/ACAS training courses and instructions. Analyze, develop, and execute training for government and contractor support personnel. Increase personnel security awareness of evolving threats, policies and procedures. Streamline processes and procedures.

Qualifications:

Required:

  • 5-8 years’ experience with a BS degree, 3-6 years’ experience with an MS, or 9-12 years’ experience with an HS degree (certifications can be considered in lieu of degree and years of experience).

  • IAM-I certification (e.g., Security+, SSCP, GSEC); candidate must obtain an IAM-II certification (e.g., CAP, CISSP, CISM, GSLC) or IAT-III certification (e.g., CASP, CISA, GCIH) within 90 days of hire.

  • 3 years of engineering experience in system design and architecture development with modern computer platforms (e.g., OS, cloud computing, datacenter operations).

  • A working knowledge of RMF, ACAS, and eMASS.

  • Clearance Requirement: US Citizen with an existing Department of Defense security clearance and the ability to maintain that clearance.

 

Desired:

  • Defense Information Assurance Certification and Accreditation Process (DIACAP) proficiency.

  • eMASS and ACAS training and familiarity.

  • Experience in applying information systems security principles, concepts, and methods for RMF, eMASS, and ACAS toolsets and project management principles across IT disciplines and DoD information systems.

Additional Information:

N/A

To apply for this or any position, learn about our total compensation package, and read about our veterans' hiring priority, return to our main Careers page.

Site updated: March 2020

©2020 by Northington Consulting, LLC.