Camber Corporation Information Assurance Systems Engineer Level 2- 16785 in Wright Patterson AFB, Ohio
HII-Camber is currently seeking an Information Assurance Systems Engineer Level 2 to work out at the Wright-Patterson AFB, OH, location.
The following statements of duties and responsibilities describe the general nature and level of work being performed by individuals assigned to this position. These statements are an exhaustive list of all duties and responsibilities required of personnel working in this position. Actual duties and responsibilities may vary depending upon assignments and other factors. Personnel filling this position execute Cybersecurity, Risk Management Framework (RMF), Assured Compliance Assessment Solution (ACAS), Enterprise Mission Assurance Support Service (eMASS), and other Information Assurance (IA) functions required to support over 48 Aircraft Training Systems (ATSs) and Maintenance Training Systems (MTSs) at over 184 locations worldwide for the Simulators Division, Air Force Lifecycle Management Center (AFLCMC/WNS).
Duties and Responsibilities:
· Take direction from the RFS 5 Lead and keep the Lead informed of all activities and workload.
· Support the Live, Virtual, and Constructive Operational Training (LVC-OT) cybersecurity strategy. Conduct and review cybersecurity operations to include all RMF steps, activities, and tasks to perform Assess and Authorize (A&A) and Assess-Only processes in support of simulator ATSs, MTSs, systems, networks, and ranges. Perform in one or more of the following roles: Information System Security Manager (ISSM), Information System Security Officer (ISSO), Information Security System Engineer (ISSE), and/or cybersecurity Subject Matter Expert (SME).
· Support the Information System Owner (ISO). Produce, maintain, track, and upload RMF documents and artifacts into the Enterprise Mission Assurance Support Service (eMASS). Support RMF IAW the RMF Knowledge Service (KS) to ensure Information Assurance (IA) and Computer Security is incorporated throughout the simulator’s architecture system development life cycle (SDLC) at all classifications. Document security controls in all security control families in eMASS. Ensure non-compliant and non-applicable controls are updated according to the Authorization To Operate (ATO). Create and generate RMF documents and artifacts: e.g., Information Technology Categorization and Determination (ITCD), System Security Plan (SSP), Plans of Action and Milestones (POA&M). Determine if system artifacts are complete and accurate.
· Support Information Owners (IOs). Achieve consistent application and implementation of security policies, countermeasures, and procedures under development and fielded at user sites. Standardize non-technical assessment policies and procedures.
· Support a simulator programs' ISSMs, ISSOs, and ISSEs. Provide cybersecurity expertise and services. Verify ISSOs are appointed in writing and verify they follow cybersecurity policies and procedures. Develop and maintain organizational and program cybersecurity architecture, requirements, objectives and policies, and cybersecurity processes and procedures. Manage and update RMF cybersecurity information to include verifying artifacts are entered in eMASS.
· Support Security Control Assessor (SCA), SCA Representative (SCAR), and/or Associate Security Control Assessor Representative (ASCAR). Provide technical expertise and cybersecurity services to augment and functions throughout all security development lifecycles performed within a simulator program's SDLC. Develop and implement Common Control Provider security controls and an eMASS program of record. Develop and distribute Best Practices and Lessons-Learned to the entire simulator fleet.
· Increase the security posture of programs. Ensure security controls are implemented and working per the ATO. Recommend risk mitigation procedures and countermeasures when a cybersecurity incident or vulnerability is discovered. Ensure a process is in place for users to report all cybersecurity threats, vulnerabilities, and incidents, whether actual or suspected, are reported to authorities (e.g., ISSO, ISSM, PM). Assess the accuracy and completeness of RMF authorization packages IAW the Package Approval Chain (PAC) in eMASS. Reduce the Control Approval Chain (CAC) security control rejection and rework. Provide a centralized management approach to create, update, track, and monitor POA&Ms through resolution of security findings.
· Conduct fully-credentialed vulnerability and compliance scans using the automated tools (e.g., ACAS, Security Content Automation Protocol (SCAP) Security Checker (SCC), HBSS). Implement, configure, operate, and generate reports using the tools. Perform vulnerability and compliance testing of simulator system security features, and witness processes related to each IA/security control. Verify compliance with DISA Security Technical Implementation Guides (STIG), audit files, and DISA STIG SCAP Benchmarks. Conduct regression scans and provide results to ISSMs, ISO, SCAR, SCA, and Authorizing Official (AO). Provide and coordinate classified transport of tools to operationalize on-site simulator scan operations. Recommend patches, hot fixes, and countermeasures to mitigate high and critical findings.
· Support the Tier 3, depot-level sustainment and maintenance activity for SENTRI scan solutions. Create, maintain, and publish scanner installation and configuration guides and scanner user's guides.
· Provide Simulator Common Architecture, Requirements, and Standards (SCARS) cybersecurity support.
· Travel to simulator program sites. Provide cybersecurity support and services to site personnel. Promote and improve simulator security postures and compliance with cybersecurity policies. Assess current cybersecurity operations. Conduct analysis of findings on unclassified and classified networks and systems. Document simulator security postures to ensure a robust cybersecurity program that complies with National, Federal, Department of Defense, and Air Force policies and procedures.
· Develop and provide IA, Cybersecurity, RMF, and SENTRI/ACAS training courses and instructions. Analyze, develop, and execute training for government and contractor support personnel. Increase personnel security awareness of evolving threats, policies and procedures. Streamline processes and procedures.
Qualifications and Experience:
· DoD 8570.1 IAT-III or IAM-Level III certification (e.g., CASP, CISSP, GSLC, CISM).
· 3 years of engineering experience in system design and architecture development with modern computer platforms (e.g., OS, cloud computing, datacenter operations).
· A strong working knowledge of RMF, ACAS, and eMASS.
· Experience in applying information systems security principles, concepts, and methods for RMF, eMASS, and ACAS toolsets and project management principles across IT disciplines and DoD information systems
· Defense Information Assurance Certification and Accreditation Process (DIACAP) proficiency.
· eMASS and ACAS training and familiarity.
· All candidates will be subject to a pre-employment background investigation and drug screening per HII requirements.
· Secret Security Clearance.
· Be eligible for a Top Secret (TS)/Single Scope Background Investigation (SSBI) clearance with Sensitive Compartmentalized Information (SCI) access.
Camber Corporation is part of the Integrated Mission Solutions Group of HII’s Technical Solutions division. Integrated Mission Solutions Group is a leading provider of Agile Software Engineering and Information Technology solutions; All Hazards services; Modeling, Simulation, and Training solutions and services; Unmanned Systems support; Intelligence Analysis and Operations; and Engineering and Management services to Department of Defense, Federal, and commercial customers.
Integrated Mission Solutions Group (Camber), a subsidiary of Huntington Ingalls Industries, Inc. (HII) is headquartered in Huntsville, AL. From Camber’s founding in 1990, we have grown to 32 offices, positioned to provide responsive support to our customers across the United States. We deploy personnel to support our customers globally, including many locations in Asia, Africa, and Europe, providing daily interface on technical, programmatic, and operations issues. Overall, more than 1,600 Camber professionals deliver ISO 9001:2008-certified and CMMI ML3 high-value solutions to customers worldwide.
Camber Corporation is an Equal Opportunity Employer EOE/AA Minorities/Females/Veterans/Disabled