Cybersecurity Support, Senior (F15)
US-OH-Dayton / Wright-Patterson AFB
Oasis Systems has an exciting opportunity for a Cybersecurity Support, Senior located at Wright Patterson AFB. The Contractor shall provide multi-discipline expertise covering program management and system security engineering combined with extensive F-15 systems and configuration experience. The Contractor shall be responsible for maintaining the overall cybersecurity posture of the F-15 platform systems, and is accountable for the implementation of DoD 8510.01. The Contractor shall act as the cybersecurity technical advisor to the aircraft and SAP Authorizing Official (AO) for all F-15 Platform Information Technology (PIT) systems under their purview, ensuring all cybersecurity-related events/configuration changes that may impact F-15 platform system authorizations or security posture are formally reported to the AO and other affected parties.
LOCATION: Wright Patterson, AFB
JOB STATUS: Full time
TRAVEL: Occasional CONUS travel may be required
REQUIRED QUALIFICATIONS (Education, Certifications, Experience, Skills)
SECURITY CLEARANCE: DoD Top Secret clearance required
BS degree in a Computer Science or Engineering discipline. Minimum of ten (10) years of security engineering experience.
CERTIFICATIONS: CISSP certification
EXPERIENCE LEVEL: Senior
The Contractor shall possess detailed knowledge of all USAF and FMS F-15 configurations to address F-15 USAF and FMS requirements
Support the development, execution, and maintenance of the F-15 system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
Provide direct support to assure compliance to the most current revision of the cybersecurity directives applicable to PIT, PIT Interface and non-PIT systems being supported. These include DoDI 5205.11, DoDM 5205.07, DoDI 8500.01 Cybersecurity, DoDI 8510.01, RMF for DoD IT, JSIG, NIST 800-53, AFI 17-101, AFI 33-200, and directives/guidance identified in MIL-HDBK-516B Expanded.
Provide cybersecurity support to assigned systems and shall develop, modify, review or coordinate items that include, but are not limited to, PIT determination package, cybersecurity strategy, cybersecurity impact assessment, cybersecurity system categorization, Architecture Analysis Report (AAR), System Security Plan (SSP), System Controls Traceability Matrix (SCTM), Risk Assessment Report (RAR), Plan of Action and Milestones (POA&M), SAP, artifacts for program review and RFP. The Contractor shall execute the cybersecurity RMF to support Assessment and Authorization (A&A) of assigned systems.
Review required F-15 Division and program office artifacts and make recommendations to support cybersecurity RMF analysis. In order to support development systems and upgrades to sustainment systems going through various experimental tests, Developmental Tests (DT), and Operational Tests (OT), the Contractor shall review, provide analysis and submit for approval Interim Authority to Test (IATT) packages on behalf of PMs.
Review and coordinate approval for sanitization and declassification plans and/or procedures.
Perform mission-based cyber risk assessments and security impact assessments on assigned systems, modifications, and interconnections. In order to support approval decisions, the Contractor shall develop an A&A package and presentation for each required system. PIT A&A approvals currently consist of the following: IATT, Authority to Operate (ATO), and Authority to Connect (ATC).
Assist in managing, planning, documenting and conducting Independent Verification and Validation (IV&V) of security requirements for weapon systems. The Contractor shall evaluate the technical implementation of the security design to ascertain that security software, hardware and firmware features affecting confidentiality, integrity, availability, accountability and non-repudiation have been implemented as documented in the JSIG, DoDI 8500.01, DoDI 8510.01, and NIST 800-53, and that the features perform properly. The Contractor shall document and report IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required.
The Contractor shall perform cybersecurity site audits to verify architecture analysis, cybersecurity requirements and controls, verify mitigation actions, witness cybersecurity T&E, and to support final approval for ATO, and/or ATC. The Contractor shall document and report cybersecurity site audit findings and recommendations to the program office and/or security Cognizant Authority (CA).
Conduct Software Assurance (SWA) risk assessments.
Assist the Government in conducting Supply Chain Risk Management (SCRM). The Contractor shall assist in developing and documenting SCRM plans and implementation activities in appropriate acquisition and security documents (e.g., SEP, PPP, and SSP).
Review and make recommendations to the systems engineering SI certifying officials regarding CT requiring protection, PPP, SI plans, techniques, threats/vulnerabilities, risk and results. The Contractor shall monitor and evaluate SI efforts for impacts to the program and provide recommendations to the Government. The Contractor shall review the program’s CPI/CT list. If one has not been developed, the Contractor shall work with the F-15 Division systems engineering team and the SI DoD executive agent to produce one. The Government Program Director and/or PM shall approve the final list. The Contractor shall ensure that SI events are incorporated into the SEP and IMS.
Assist the Government with OSS&E and CNS/ATM airworthiness assessment for certification to ensure that DoD aircraft are safe and that they meet the requirements of the Federal Aviation Administration in the U.S. and the International Civil Aviation Organization. The Contractor shall submit written reports including, but not limited to, technical evaluation reports, white papers, and comment matrices on the above technical areas to the Government.
Utilize the Government approved POA&M format. The POA&M shall be considered a ‘living’ document and shall regularly be updated throughout the entire life-cycle of the system through decommission contract period of performance. The POA&M shall contain all non-compliant RMF controls, and all non-compliant vulnerability findings. At a minimum, the POA&M shall be updated quarterly unless otherwise stated and submitted to the ISSM.
Vulnerability scans shall be protected IAW the classification levels of the information and IAW the system security classification guidelines. Non-compliant findings shall be documented in the system POA&M on a minimum monthly basis. With the Government’s approval, the Contractor shall fix findings IAW the Government’s priorities and schedule.
Comply with DoDD 8140.01 and DoD 8570.1-M for workforce training and certification requirements to perform information management, security patch management, vulnerability analysis and artifact development. The Contractor shall maintain the certification in good standing.
Maintain a process where all IT is managed including, but not limited to, CM plan, system information, Concept of Operations (CONOPS), environment, operating and computing environment, system architecture description, components, configurations, accreditation boundaries supporting documents, system diagrams, data flow diagram, hardware lists, software lists, Ports, Protocols, and Services (PPS), contingency plan, and patch management plan. The Contractor shall submit all plans for Government approval prior to implementation. All system changes must be approved through a CM process when new information systems are under development, being procured, or delivered for operation.
Possess knowledge of anti-tamper/certification and accreditation engineering in support of the following system security/Information Assurance (IA) tasks:
• CPI/CT identification;
• Threat and vulnerability analysis;
• Risk identification and management;
• Cost analysis;
• Program engineering milestone reviews;
• DoD RMF and/or PIT processes;
• SSP development;
• Participation in a program’s A&A working group, and;
• Developing/coordinating (with program office personnel, certification authority, designated approval authority, Air Force Operational Test and Evaluation Center and operational command personnel) presentations and IATT, and ATO packages.
Review/develop/update applicable program documentation for security/system assurance-relevant requirements/issues.
Support the core engineering tasks as they relate to anti-tamper/certification and accreditation engineering.
Who We Are
Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies.
We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs.
Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.