Job Information
Sumaria Systems, Inc. Senior Information Systems Security Engineer in Clearfield, Utah
Senior Information Systems Security Engineer
Department: SAS DAYTON, OH
Office: Hill AFB, UT - SAS
Location: Clearfield, UT
START YOUR APPLICATION (https://apply.hrmdirect.com/resumedirect/ApplyOnline/Apply.aspx?req_id=3069124&source=3069124-CJB-0)
Position: Senior Information Systems Security Engineer
Description: The Contractor shall support the Cybersecurity and Advanced Programs team located at Hill Air Force Base, Utah on a full-time basis. Remote work is not permitted. The Contractor shall be part of a team of professionals supporting the F-16 Program Office. Duties shall vary, but include the following scope of activities:
The Contractor shall support to assure compliance to the most current revision of the security directives applicable to PIT, Platform Information Technology Interconnection (PITI) and non-PIT systems being supported to include DoD Information Assurance Certification and Accreditation Process (DIACAP), DoDI 8500.2, Director of Central Intelligence Directive (DCID) 6/3 Manual, Joint Air Force - Army - Navy (JAFAN) 6/3 Manual, NIST 800-53, directives/guidance identified in the Program Protection Plan (PPP) and/or MIL- HDBK-516B Expanded.
The Contractor shall provide IA support to assigned systems to includes developing, modifying, reviewing or coordinating PIT determination packages, IAS, IAP, SSP, artifacts for program reviews and RFPs. The Contractor shall assist with the execution of the IA RMF to support A&A of assigned systems. The Contractor shall assist with evaluating the technical implementation of the security design to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, accountability, and non- repudiation have been implemented as documented in the DCID 6/3, JAFAN/6/3, NIST 800-53, and/or DoDI 8500.2.
The Contractor shall assist to review required program office artifacts and make recommendations to support IA RMF analysis and recommendation to the program office. the Contractor shall assist to develop a A&A report and a A&A presentation for each required system to include IATT, IATO ATO, and Authority to Connect (ATC).
The Contractor shall assist to manage, plan, document and conduct Independent Verification & Validation (IV&V) of security requirements for weapon systems. The Contractor shall assist with evaluating the technical implementation of the security design to ascertain that security software, hardware and firmware features affecting confidentiality, integrity, availability, accountability and non-repudiation have been implemented as documented in the DCID 6/3, JAFAN/6/3, NIST 800-53, and/or DoDI 8500.2 and that the features perform properly. The Contractor shall assist to document and report IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required.
The Contractor shall support IA site audits to verify architecture analysis, IA requirements and controls, verify mitigation actions, witness IA testing and evaluation, and to support final approval for IATT, IATO, and/or ATO/ATC. The Contractor shall assist to document and report IA site audit findings and recommendations to the Program Office.
The Contractor shall assist to review and make recommendations to the Systems Engineering AT Certifying Officials regarding critical technologies requiring protection, PPP, AT plans, techniques, threats/vulnerabilities, risk and results. The Contractor shall support monitoring and evaluating AT efforts for impacts to the program and provide recommendations to the PM. The Contractor shall assist to review the program-s Critical Program Information/ Critical Technology (CPI/CT) list. The Contractor shall support the program office SE Team and the AT DoD Executive Agent to produce new CPI/CT lists. The Contractor shall assist to ensure that AT events are incorporated into the SEP and IMS. The Contractor shall support to identify and document the threat, vulnerability, attack scenarios, impacts if exploited and the exploitation timeline.
The Contractor shall assist with identifying the software pedigree and quality assurance issues and document the results. The Contractor shall support software security analysis to assess the vulnerabilities and risks. The Contractor shall assist to document and report results to the PM and the Certification Authority Representative. The Contractor shall assist with developing an approach for performing operational SWA sensitivity analysis. The Contractor shall assist with developing SWA test metrics for inputs to the TEMP. The Contractor shall provide support to conduct risk assessment.
The Contractor shall assist with performing hardware security analysis to assess the vulnerabilities and risks.
The Contractor shall assist the Program Office with OSS&E and Communication, Navigation and Surveillance/ Air Traffic Management (CNS/ATM) airworthiness assessment for certification to ensure that DoD aircraft are safe and that they meet the requirements of the FAA in the U.S. and the International Civil Aviation Organization (ICAO). The Contractor shall assist to submit written reports, including but not limited to technical evaluation reports, white papers, and comment matrices on the above technical areas to the program office.
The Contractor shall support the development of PIT process and PIT guidance for the program office.
The Contractor shall assist in developing, reviewing, or assisting the U.S. Government and other supporting Contractors, to identify any -sensitive- media that should not be placed into the public domain (e.g., Classified, For Official Use Only (FOUO)), as well as ensuring applicable Distribution Statement, Handling and Destruction Notice, Warning Statement (for technical information with space/military application under the ITAR or the Export Administration Regulations (EAR) for dual-use technologies), along with the expanded exemption statement are applied IAW AFI 61-204, and DoD 5400.7-R. The Contractor shall assist to properly mark, properly handle, secure, and dispose of any sensitive media in the Contractor-s immediate control. The Contractor shall advise or alert the U.S. Government, and other supporting contractors of these requirements, for any sensitive media received which is not appropriately marked.
The Contractor shall support all training (classroom and computer based) and keep accurate records of completed training.
The Contractor shall support cryptography analysis.
The Contractor shall assist to conduct Supply Chain Risk Management (SCRM). The Contractor shall assist in developing and documenting SCRM plans and implementation activities in appropriate acquisition and security documents, including but not limited to the acquisition strategy, SEP, PPP, and SSP.
Education: Recommend computer engineer, electrical engineer or computer science ABET accredited degrees or BS in information assurance or information systems.
Certification: CISSP
Years- Experience: 15 Recommend a minimum of ten years of systems engineering, systems security engineering, or IA experience. Required to possess and maintain a current Certified Information System Security Professional (CISSP) certification. Recommend expertise in state of a system where it is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments (systems integrity) and IA.
Travel: Yes, 15%
Security Clearance Required: TS/SCI with SAP access being required
Position Type: Full Time
Work Location: HAFB
Travel: Yes, CONUS and OCONUS
Top salaries paid for qualified candidates.
Agency submissions are not being accepted at this time.
For more information on Sumaria Systems, please visit our website at www.sumaria.com.
Sumaria is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status.
Sumaria is a Full Lifecycle Engineering, Technical Services and Professional Solutions company in support of the Warfighter, supporting modernization, high end services and next generation capabilities in contested domains. Sumaria has been a trusted partner to U. S. Department of Defense for more than 40 years, providing Lifecycle Systems Engineering, Advisory & Analysis/SETA, C5ISR and Enterprise Information Technology solutions. With expertise to lead, insight to deliver and commitment to succeed; we staff each mission with a carefully selected team of seasoned professionals. We're Headquartered in Peabody, MA, and have regional offices across the nation.
Sumaria Systems only provides engineering services to the federal government and does not provide professional engineering or surveying services to the public within the meaning of Ohio Revised Code Section 4733.16.
START YOUR APPLICATION (https://apply.hrmdirect.com/resumedirect/ApplyOnline/Apply.aspx?req_id=3069124&source=3069124-CJB-0)