Live Chat
Contact

Senior Cyber Security Support Job in Dayton, Ohio US

Senior Cyber Security Support

Applied Research Solutions, Inc. - Dayton, OH

Posted: 4/23/2021 - Expires: 7/22/2021

Job ID: 226558222

Print 

Job Description

Description
The Senior Cyber Security Support contractor shall provide multi-discipline expertise covering program management and system security engineering combined with extensive F-15 systems and configuration experience. The Contractor shall be responsible for maintaining the overall cybersecurity posture of the F-15 platform systems, and are accountable for the implementation of DoD 8510.01. The Contractor shall act as the cybersecurity technical advisor to the aircraft and SAP Authorizing Official (AO) for all F-15 Platform Information Technology (PIT) systems under their purview, ensuring all cybersecurity-related events/configuration changes that may impact F-15 platform system authorizations or security posture are formally reported to the AO and other affected parties.

Responsibilities Include:


Support the development, execution, and maintenance of the F-15 system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.

Provide direct support to assure compliance to the most current revision of the cybersecurity directives applicable to PIT, PIT Interface and non-PIT systems being supported. These include DoDI 5205.11, DoDM 5205.07, DoDI 8500.01 Cybersecurity, DoDI 8510.01, RMF for DoD IT, JSIG, NIST 800-53, AFI 17-101, AFI 33-200, and directives/ guidance identified MIL-HDBK-516B Expanded.

Provide cybersecurity support to assigned systems and shall develop, modify, review or coordinate items that include, but are not limited to, PIT determination package, cybersecurity strategy, cybersecurity impact assessment, cybersecurity system categorization, Architecture Analysis Report (AAR), System Security Plan (SSP),System Controls Traceability Matrix (SCTM), Risk Assessment Report (RAR), Plan of Action and Milestones (POA&M), SAP, artifacts for program review and RFP. The Contractor shall execute the cybersecurity RMF to support Assessment and Authorization (A&A) of assigned systems.

Review required F-15 Division and program office artifacts and make recommendations to support cybersecurity RMF analysis. In order to support development systems and upgrades to sustainment systems going through various experimental tests, Developmental Tests (DT), and Operational Tests (OT), the Contractor shall review, provide analysis and submit for approval Interim Authority to Test (IATT) packages on behalf of PMs.

Review and coordinate approval for sanitization and declassification plans and/or procedures.

Perform mission-based cyber risk assessments and security impact assessments on assigned systems, modifications, and interconnections. In order to support approval decisions, the Contractor shall develop an A&A package and presentation for each required system. PIT A&A approvals currently consist of the following: IATT, Authority to Operate (ATO), and Authority to Connect (ATC).

Assist in managing, planning, documenting and conducting Independent Verification and Validation (IV&V) of security requirements for weapon systems. The Contractor shall evaluate the technical implementation of the security design to ascertain that security software, hardware and firmware features affecting confidentiality, integrity, availability, accountability and non-repudiation have been implemented as documented in the JSIG, DoDI 8500.01, DoDI 8510.01, and NIST 800-53, and that the features perform properly. The Contractor shall document and report IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required.

9.4.10 The Contractor shall perform cybersecurity site audits to verify architecture analysis, cybersecurity requirements and controls, verify mitigation actions, witness cybersecurity T&E, and to support final approval for ATO, and/or ATC. The Contractor shall document and report cybersecurity site audit findings and recommendations to the program office and/or security Cognizant Authority (CA).

Conduct Software Assurance (SWA) risk assessments.

Assist the Government in conducting Supply Chain Risk Management (SCRM). The Contractor shall assist in developing and documenting SCRM plans and implementation activities in appropriate acquisition and security documents (e.g., SEP, PPP, and SSP).

Review and make recommendations to the systems engineering SI certifying officials regarding CT requiring protection, PPP, SI plans, techniques, threats/vulnerabilities, risk and results. The Contractor shall monitor and evaluate SI efforts for impacts to the program and provide recommendations to the Government. The Contractor shall review the program's CPI/CT list. If one has not been developed, the Contractor shall work with the F-15 Division systems engineering team and the SI DoD executive agent to produce one. The Government Program Director and/or PM shall approve the final list. The Contractor shall ensure that SI events are incorporated into the SEP and IMS.

Assist the Government with OSS&E and CNS/ATM airworthiness assessment for certification to ensure that DoD aircraft are safe and that they meet the requirements of the Federal Aviation Administration in the U.S. and the International Civil Aviation Organization. The Contractor shall submit written reports including, but not limited to, technical evaluation reports, white papers, and comment matrices on the above technical areas to the Government.

Utilize the Government approved POA&M format. The POA&M shall be considered a 'living' document and shall regularly be updated throughout the entire life-cycle of the system through decommission contract period of performance. The POA&M shall contain all non-compliant RMF controls, and all non-compliant vulnerability findings. At a minimum, the POA&M shall be updated quarterly unless otherwise stated and submitted to the ISSM.

Vulnerability scans shall be protected IAW the classification levels of the information and IAW the system security classification guidelines. Non-compliant findings shall be documented in the system POA&M on a minimum monthly basis. With the Government's approval, the Contractor shall fix findings IAW the Government's priorities and schedule.

Comply with DoDD 8140.01 and DoD 8570.1-M for workforce training and certification requirements to perform information management, security patch management, vulnerability analysis and artifact development. The Contractor shall maintain the certification is in good standing.

Maintain a process where all IT is managed including, but not limited to, CM plan, system information, Concept of Operations (CONOPS), environment, operating and computing environment, system architecture description, components, configurations, accreditation boundaries supporting documents, system diagrams, data flow diagram, hardware lists, software lists, Ports, Protocols, and Services (PPS), contingency plan, and patch management plan. The Contractor shall submit all plans for Government approval prior to implementation. All system changes must be approved through a CM process when new information systems are under development, being procured, or delivered for operation.

Possess knowledge of anti-tamper/certification and accreditation engineering in support of the following system security/Information Assurance (IA) tasks:


CPI/CT identification;

Threat and vulnerability analysis;

Risk identification and management;

Cost analysis;

Program engineering milestone reviews;

DoD RMF and/or PIT processes;

SSP development;

Participation in a program's A&A working group, and;

Developing/coordinating (with program office personnel, certification authority, designated approval authority, Air Force Operational Test and Evaluation Center and operational command personnel) presentations and IATT, and ATO packages.


Review/develop/update applicable program documentation for security/system assurance-relevant requirements/issues.

Support the core engineering tasks as they relate to anti-tamper/certification and accreditation engineering.

Qualifications/Technical experience required:


DoD Top Secret clearance required

BS degree in a Computer Science or Engineering discipline. Minimum of ten (10) years of security engineering experience.

CISSP certification

The Contractor shall possess detailed knowledge of all USAF and FMS F-15 configurations to address F-15 USAF and FMS requirements

All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Applied Research Solutions is an equal opportunity employer. We recruit, employ, train, compensate, and promote without regard to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, disability, veteran status, or any other basis protected by applicable federal, state and local law.

Identified Skills


Job Summary

Employment Type:
Full Time Employee
Job type:
Federal Contractor
Skill Based Partner:
No
Education Level:
Bachelor's degree
Work Days:
Mon, Tue, Wed, Thu, Fri
Job Reference Code
49489467_1
Salary
N/A
Licenses / Certifications:
N/A
Display Recommended WorkKeys®Recommended WorkKeys®:
N/A