Cybersecurity (ISSM)

About The Position

Requirements

• Master’s or Doctorate Degree in a related field and ten years of experience in the respective technical / professional discipline being performed, five years of which must be in the DoD.
• OR bachelor’s degree in a related field and 12 years of experience in the respective technical/professional discipline being performed, five of which must be in the DoD.
• OR, 15 years of directly related experience with proper certifications as described in the PWS labor category performance requirements, eight of which must be in the DoD.
• CISSP Certification
• CAP (Certified Authorization Professional) certification, Now CGRC (Certified in Governance, Risk, & Compliance) certification

Nice To Haves

• CISSP (Certified Information Systems Security Professional) certification is highly recommended.

Responsibilities

• Provide cyber security engineering support for traditional acquisition programs as well as Quick Reaction Capabilities (QRC) in a rapid acquisition development environment with minimal government oversight.
• Implement all phases of the RMF processes for weapon systems that will generate both unclassified and classified information.
• Develop and analyze cyber security engineering artifacts used to support the Assessment and Authorization (A&A) process leading to a successful ATO decision.
• Develop risk reduction-based policies and procedures and develop comprehensive cyber security processes to include implementation of continues monitoring.
• Develop the Cyber Security Impact Evaluation Recommendation to assess changes on the system in support of the continuous monitoring plan.
• Document system architectures, utilizing OEM documentation and system interface specifications, to support the cyber analysis, identification, selection, and tailoring of security and privacy controls necessary to protect the system.
• Develop, modify, review and coordinate Platform Information Technology (PIT) determination packages, cyber security strategies, system security plans, and RMF artifacts for program review.
• Provide expert level evaluation of designs and proposed implementation solutions to defend weapon systems and critical networks against malicious and non-malicious exploitation throughout the full acquisition life cycle of portfolio programs.
• Evaluate threat data and develop residual risk recommendations and mitigations to senior DoD and AF leadership based on identification and analysis of weapons vulnerabilities.
• Research threat products and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements, research, and draft cyber security white papers, and provide recommendations to the program manager.
• Review and analyze interoperability requirements and will review, develop and evaluate resultant specifications and internal and external ICDs.
• Review and propose technical recommendations at both the strategic and operational levels regarding critical technologies requiring protection, Program Protection Plans (PPP), and Anti-Tamper (AT) plans, cyber findings, vulnerabilities, and risks.
• Review and/or document the systems Critical Program Information/Critical Technology (CPI/CT) and provide recommendations to the system’s Chief of Security and the Program Manager.
• Contractors will be required to have access to classified material and classified information systems to include the Secret Internet Protocol Router Network (SIPRNet) and the Joint Worldwide Intelligence Communications System (JWICS).