Intel Agency (NSA, CIA, FBI, etc)
IT - Security
Colorado Springs, CO (On-Site/Office)
Information Systems Security Engineer SME role located at Peterson SFB.
Why ARS?
Applied Research Solutions (ARS) is respected as a world-class provider of technically integrated solutions as we deliver premier talent and technology across our focused markets for unparalleled, continuous mission support. Awarded a Best Places to Work nominee since 2020, ARS recognizes that without our career-driven, loyal professionals, we would not be able to deliver state-of-the-art results for our mission partners. We firmly believe that prioritizing our employees is of the utmost importance. We provide a culture where our employees are challenged to meet their career goals and aspirations, while still obtaining a work/life balance. ARS employees are motivated through our industry competitive benefits package, our awards and recognition program, and personalized attention from ARS Senior Managers.
The NCL Division’s primary mission is to sustain and support combat-effective nuclear command, control, and communication (NC3) capabilities deployed worldwide. In addition, NCL supports NC3 terminals used under the NATO SATCOM Support Agreement and certain International Partner (IP) terminal support. Systems include fixed site, mobile, and airborne strategic Military SATCOM (MILSATCOM) terminals; aircrew alerting; strategic messaging; and PNVC capabilities.
Responsibilities include:
The ISSM (SME) serves as the Information System Security Manager (ISSM Advanced) and acts as technical advisor to the Program Manager (PM) and Systems Engineer (SE). ISSMs are primarily responsible for maintaining the overall security posture of the systems within their organization and are accountable for the implementation of Department of Defense (DoD) 8510.01. The organization’s cybersecurity program developed by ISSMs includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
ISSM SME responsibilities include:
- Manage the system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Department of the Air Force policies (i.e., RMF).
- Develop and conduct a Continuous Monitoring plan in support of A&A activities to maintain ongoing awareness of cybersecurity, vulnerabilities, and threats to facilitate risk-based decision making.
- Maintain and report system assessment and authorization status and issues in accordance with DoD Component guidance.
- Participate in meetings/teleconferences, change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls.
- Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of a recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and, if any, document in written reports the changes/revisions to the system’s RMF artifacts.
- Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified.
- Review system test plans and test results and if necessary, observe system testing for security control implementation IAW cybersecurity policies, guidance, and plan. Document findings in a report.
- Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable.
- Continuously monitor intelligence and open-source information for vulnerabilities affecting AFNWC/NCL systems, assess risk, and provide POA&M recommendations to ISSM and PM as required.
- Act as the primary cybersecurity technical advisor to Program Management and System Engineers for systems under their purview.
- Coordinate Trusted Systems and Networks (TSN) and Supply Chain Risk Management (SCRM) evaluation of program information, software, and hardware throughout the program life cycle.
- Ensure that cybersecurity-related events or configuration changes that may impact systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs.
- Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
- Perform cybersecurity inspections, tests, and reviews.
- Ensure ISSMs are appointed in writing and provide oversight to ensure they are following established cybersecurity policies and procedures.
- Ensure that Information and System Owners associated with DoD information received, processed, stored, displayed, or transmitted on each system are identified to establish accountability, access approvals, and special handling requirements.
- Maintain a repository for all organizational or system-level cybersecurity-related documentation.
- Ensure implementation of IS security measures and procedures including reporting incidents to the appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 3 for classified information or DoD Manual 5200.01, Volume 4 for Controlled Unclassified Information (CUI), respectively.
- Ensure handling of possible or actual data spills of classified information resident in ISs is conducted in accordance with DoD 5200.01, Volume 3.
- Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.
- Prepare, maintain, and submit a monthly report that captures the status of each A&A package, including an integrated schedule that shows high-level views of all packages and allows in-depth review of individual packages. Items to be addressed shall include: Authorization Status, RMF Progress, PoA&M Status, FISMA Compliance, Delivery of Documentation and Artifacts, Status of Incomplete items, Completed or Upcoming Reviews, Open Actions and Status, and Key Schedule Milestones.
- Support and assist external teams in the evaluation of systems Cybersecurity posture to include teams performing non-regular cyber tests, war-games, cyber penetration tests, and cyber studies conducted by the NSA, DISA, Air Force Audit Agency, or other organizations.
- Support the development, coordination, and implementation of cybersecurity-related special projects and taskers, e.g., Defensive Cyber Operations (DCO), Higher Headquarter requests, Notice to Airmen (NOTAMs), Technical Change Orders (TCOs), System Program Office (SPO), 16th AF, USSTRATCOM, USCYBERCOM, SAF/A6, SpOC/S6, AFGSC/A6, 460 Space Wing, and AFNWC/NC efforts.
- For each system, maintain a current software bill of materials that contains the elements identified in the National Telecommunications and Information Administration publication “The Minimum Elements for a Software Bill of Materials”, July 12, 2021.
- Shall meet the Advanced level qualification requirements for Information System Security Manager (722) or Vulnerability Assessment Analyst (541) as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03.
- Perform Information Systems Security Management (722) and Vulnerability Assessment Analyst (541) Core/Additional Tasks and meet the KSAs as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03.
- Other duties as assigned.
Qualifications/Technical Experience Requirements:
- Must be a US citizen
- Master's Degree preferred. 5 years in DoD; or 20 years of directly related experience with proper certifications, of which 8 years are in DoD
- Experience with the Risk Management Framework (RMF).
- Active Top Secret Security Clearance
Salary commensurate with candidate's qualifications and education. Expected annual salary range: $176,000-$198,000.
All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals based on disability and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.