Craig Technologies Senior Information Systems Security Officer in Lompoc, California
Title: Senior Information System Security Officer (ISSO)
Location: Vandenberg AFB, CA
Clearance: SECRET, TS/SCI Eligible
Citizenship Requirement: US Citizen
Req #: 2591
Craig Technologies is seeking qualified candidates to support the US Air Force Agency for Modeling and Simulation (AFAMS) program.
AFAMS is the premier agency responsible for implementation, integration, and development of Modeling and Simulation (M&S) and training and analysis standards that support the US Air Force (USAF), Department of Defense (DoD), and mission partners requiring these capabilities to support the Warfighter in full-spectrum operations. As the lead agent for M&S within the USAF, AFAMS gathers requirements, seeks out potential solutions, and integrates legacy and emerging M&S solutions across the USAF and the DoD. The USAF has an M&S initiative that focuses on providing simulation and synthetic training as the critical capability to augment live training, act as an enabler for critical decision-making, and enhance human performance. In the current resource constrained environment, demand for M&S rises with the continuously evolving need for operational readiness and mission preparedness across the USAF, DoD, and with coalition partners. AFAMS focuses on providing innovative M&S services as the key to meeting this demand.
The role of this position is to support the 30th Space Wing, 2nd Range Operations Squadron in Vandenberg AFB, CA. The Information System Security Engineer will:
Develop RMF artifacts in support of acquiring approvals for ATCs, IATTs, and ATOs for Combat Development Division (CDD)-Western Range (WR) CDD-WR systems under development.
Ensure system development follows the RMF 6-step process IAW DoDI 8510.01.
Ensure the use of the most current RMF templates of the cybersecurity process.
Document all findings and decisions for each applicable control.
Manage hardware and software lists provided by the system’s developer; ensure the most current template is utilized that can be exported and imported from Enterprise Mission Assurance Support Service (eMASS).
Deliver RMF artifacts to the CDD-WR for inclusion in RMF packages
Develop, manage, and update System Security Plan and A&A packages for accreditations boundaries for all accreditations and provide any change to the ISSM or its designee.
Assist the Government/ISSM in reviewing all cybersecurity documents as required for RMF process.
Provide recommendations for Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) implementation and risk mitigations, using cybersecurity training and experience, to the CDD-WR.
Produce STIG Applicability List for the system.
Assess and provide tactical and strategic management of cybersecurity for CDD-WR portfolio, including the development of cybersecurity policy, strategies, and plans incorporating high-level directives, as well as the translation of strategic cybersecurity posture into specific cybersecurity requirements.
Maintain open lines of communication with development engineers and support personnel within the CDD-WR for accurate portrayal of systems within artifacts and to ensure awareness of completion status and timelines.
- Provide continuous support in monitoring affected system after ATO is achieved.
Perform the execution of Vulnerability and Compliance scanning of CDD-WR systems
Perform the necessary scans of CDD-WR systems using the most current, official criteria for inclusion in the RMF packages and in support of the development of the Plan of Actions and Milestones (POA&M).
Produce the compliance and vulnerability scan results for all components of the system relevant to the accreditation or security change. Opportunity: Successful Proof-of-Concept can result in development of formal requirements delivered to SMC/RNSV for acquisition.
Assess and verify that cybersecurity requirements addressed, at an acceptable level of risk in architecture specifications.
Assess and present program cybersecurity and protection issues, and recommend solutions, mitigation, or corrective actions through the risk management process of the CDD-WR portfolio/programs.
Support and facilitate CDD-WR cybersecurity Integrated Working Group meetings.
Coordinate with all 30 SW contractors to validate that appropriate cybersecurity requirements applied to CDD-WR program
The following skills are required:
IAM Level II (CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO) or higher (CISM, CISSP (or Associate), GSLC, CCISO)
10 years Information Assurance experience
DoD 8570.1-M IAM-III certification (CISM, CISSP (or Associate), GSLC)
A expert knowledge of RMF
Experience in applying information systems security principles, concepts, and methods for RMF, eMASS, and ACAS toolsets and project management principles across IT disciplines and DoD information systems
Experience in applying security principles to all states of system development from requirements development through operational acceptance
Experience at the enterprise level in system design and architecture development with modern computer platforms (e.g., OS, cloud computing, datacenter operations)
Experience in conducting information systems security assessments, evaluating IA and Cybersecurity controls, and conducting and supporting RMF activities
Experience with Operational Air Force or Space Force systems
Highly proficient with ACAS and the ability to import plug-ins, create and manage vulnerability and STIG/SCAP scans
Highly experienced with eMASS with formal eMASS training certification
A Secret security clearance is required for this position. It is desired the candidate have TS/SCI eligibilty.
Craig Technologies is an EEO Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, or any other non-job-related protected status. All candidates selected will be subject to a security background investigation and must meet all eligibility requirements for access to classified information.