Cyber Resiliency and Test Engineer - SME

About The Position

Requirements

• A SME is typically recognized as an industry leader in the community of interest
• Bachelor's Degree in a computer science field (e.g., Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering) or one of the following certifications: SecurityX, CCISO, CCSP, CISM, CISSO, CISSP, or GSLC
• Over 10 years of relevant technical experience in the field of cybersecurity, control systems, critical infrastructure, aircraft/weapons system, and/or IT systems
• US Citizen and able to obtain and maintain a Top Secret – (Single Scope Background Investigation)
• Significant understanding of the DoW acquisition and/or test and evaluation processes/activities
• Knowledge in planning and conducting test
• Knowledge of Supervisory Control and Data Acquisition (SCADA), critical infrastructure, and control systems
• Analytical skills and problem-solving skills
• Good organization, decision making, and verbal and written communication skills
• Excellent self-initiative and self-motivation with the ability to work under minimal supervision
• History of leading diverse teams and work effectively in small and large team settings to solve complex problems
• Travel up to 15-20 weeks per year, potentially to worldwide sites

Nice To Haves

• Significant understanding of the DoW Cyber Developmental and Operational Cyber Test and Evaluation Guidebook
• Experience conducting Mission Based Cyber Risk Assessments (MBCRAs)
• Experience in planning and conducting cyber test
• Experience establishing cybersecurity guidelines and practices at the DoW or Service level
• Knowledge in the Cybersecurity Assess and Authorize (A&A) process to support DoW acquisition programs through the Risk Management Framework (RMF) process
• Active SECRET or Top Secret clearance
• Understanding of network and/or systems

Responsibilities

• Provide cyber test planning support
• Conduct system security analysis on systems and/or software to understand and identify vulnerabilities
• Support the 48th Cyberspace Test Squadron at Eglin AFB, FL and the DoW Cybersecurity community in improving planning and conducting Cyber Developmental and Operational Test & Evaluation for major DoW programs
• Support acquisition programs in the development of cyber test strategies and plan for the implementation of cyber test activities
• Accomplish reoccurring Mission Based Cyber Risk Assessments (MBCRAs)
• Help test teams develop and document cyber survivability (cybersecurity and cyber resiliency) test strategies and Cyber Development Test & Evaluation (DT&E), Cooperative Vulnerability and Penetration Assessment (CVPA), and Adversarial Assessment (AA) test methodologies based on ongoing system cyber vulnerability assessments
• Develop DoW and Air Force guidance on the acquisition and cyber test of DoW systems
• Work with programs to develop cyber test strategies that integrate into their larger acquisition, development, deployment, and functional test strategies
• Develop and document standard, repeatable process(es) for conducting MBCRAs, Cyber DT&E, CVPAs, and AAs
• Support the development of cyber test and evaluation procedures for aircraft, munitions, C4ISR, and Information Technology systems
• Document the system information requirements and work products needed by the Developmental Test & Evaluation (DT&E) and Operational Test & Evaluation (OT&E) communities to plan, execute, and report on systems’ cyber test objectives
• Provide requirements usable by programs to incorporate in statements of work, system technical requirements documents, Test and Evaluation Master Plans, DT&E, and OT&E Entrance and Exit criteria, and other documents
• Assist with developing and documenting Air Force guidance and informing DoD guidance updates
• Document recommendations for incorporating DT&E/OT&E cybersecurity deficiency reporting and watch items into standard DT&E/OT&E processes
• Facilitate and guide program MBCRAs
• Assist with Cyber DT&E, CVPA, and AA planning, execution, and reporting to achieve the above objectives, provide expertise and lessons learned, and apply process knowledge for systems under test