EPASS Cybersecurity - Kettering, United States - Torch Technologies

    Torch Technologies
    Torch Technologies Kettering, United States

    4 weeks ago

    Default job background
    Description

    Thank you for your interest in Torch Technologies. We're an award-winning, 100% employee-owned company based in Huntsville, Alabama. Recognized as a top 100 defense company, we're dedicated to supporting our nation's military. Our guiding principle, "Lighting the Pathway of Freedom," reflects our commitment to excellence, cooperation, integrity, and reliability. As a Certified Evergreen ESOP, our dedication is to continuously develop and maintain our company's success for the next century, securing a prosperous future for our employee-owners for generations to come. Join Torch and be a part of shaping the future

    Job Title

    EPASS GBM.087 Cybersecurity (ISSE)

    Location

    Ohio- Kettering Office - Kettering, OH 45409 US (Primary)

    Job Description

    Torch Technologies has an exciting opportunity for a Principal level Cybersecurity Engineer (ISSE) located in Kettering, Ohio (Dayton/WPAFB area) to support our EPASS GB contract. As part of the AFLCMC/GB Business and Enterprise Systems Directorate (BES), the MROi Maintenance Financials (MMF) adds financial capabilities to the new MROi Logistics Transformation program. MMF becomes part of the existing Business Acquisition Category (BCAT) I or a high-value BCAT II MROi program but is independently funded from HQ AFMC/FM. MRO will provide Air Force Material Command (AFMC) and the Air Force Sustainment Center (AFSC) with an integrated capability for planning, scheduling, and executing organic Depot Maintenance to support agile planning, optimized workload assignment and resource allocation, and integrated quality control. Maintenance Financials adds complementary financial capabilities that will become the foundation for the end-state vision of financial management activities as it relates to the Air Force Working Capital Fund (AFWCF). MROi Maintenance Financials requires support to develop, coordinate, staff, and execute the full range of acquisition documentation, and other artifacts and exhibits to meet statutory and regulatory requirements and mandates for BCAT compliance of Business Systems. The MMF RDT&E efforts are focused on modernizing and transforming the Air Force Depot capability and providing FIAR/FISCAM financial compliance.

    ESSENTIAL DUTIES/POSITION DESCRIPTION:

    The successful candidate will provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF), Cybersecurity Framework (CSF), and National Institute of Standards and Technology (NIST) and per Authorization Official's Information System's Continuous Monitoring (ISCM) strategy.

    The ISSE is responsible for employing best practices when implementing security controls, including

    software engineering methodologies, system/security engineering principles, secure design, secure

    architecture, and secure coding techniques. The ISSE coordinates their security-related activities with

    the information security architect,, ISSM, ISSO, ISO, and common control provider. The ISSE completes

    training and maintain certification IAW AFI Duties performed by the ISSE may include but not limited to the following:

    • Completes and maintains required cybersecurity certification IAW AFMAN ;
    • Ensures all AF IT cybersecurity-related documentation is current and accessible to properly authorized individuals;
    • Supports the PM or ISO in maintaining current authorization to operate, approval to connect (if required), and implementing corrective actions identified in the plan of actions and milestones;
    • Coordinates, with the PM and AO staffs, development of an ISCM strategy and monitors any proposed or actual changes to the system and its environment;
    • Continuously monitors the IT and environment for security-relevant events;
    • Assesses proposed configuration changes for potential impact to the cybersecurity posture;
    • Assesses the quality of security controls implementation against performance indicators;
    • Ensures cybersecurity-related events or configuration changes that impact AF IT authorization or adversely impact the security posture are formally reported to the AO and other affected parties, such as IOs, stewards, and AOs of interconnected IT;
    • Ensures all ISSOs and privileged users receive necessary technical training and obtain cybersecurity certification IAW AFMAN , Computer Security (COMPUSEC), AFMAN , and maintain proper clearances IAW DoDI ; and,
    • Ensures the AF IT is acquired, documented, operated, used, maintained, and disposed of properly IAW DoDI and DoDI
    Job Requirements

    The Information Systems Security Engineer (ISSE) has the expert knowledge, experience and recognized ability to be considered an industry leader in their technical/professional field. Typically performs the following kinds of functions: initiates, oversees, and/or develops requirements from a project's inception to conclusion for complex to extremely complex programs; provides strategic advice, technical guidance, and expertise to program and project staff; provides detailed analyses, evaluations, and recommendations for improvements,

    optimization development, and/or maintenance efforts for client-specific or mission critical challenges/issues; consults with client to define needs or problems; oversees studies; and leads surveys to collect and analyze data to provide advice and recommend solutions. Possesses the ability to perform tasks and oversee the efforts of junior, journeyman, and senior contractor personnel within and across multiple technical/professional disciplines (Program Office, Enterprise, Staff and Executive Level Support interface).

    All Cybersecurity professionals should possess experience providing guidance on the following to include, but not limited to:
    • Access control.
    • Configuration management.
    • System and communications protection.
    • Contingency planning.
    • Incident handling.
    • System and information integrity.
    • Security and privacy training and awareness; and,
    • Software development activities, software and tools related to Cybersecurity.
    Must be a U.S Citizen

    Experience performing cybersecurity duties as outlined in DoDI , AFI 17-130, and AFI for assigned AF IT.

    Experience validating, evaluating and analyzing finding results and developer adjudications using automated testing tools, e.g., Fortify, Checkmarx, SonarQube, and AppScan.

    Experience utilizing DoD tracking systems to input/document cybersecurity deficiencies, vulnerabilities, and change requests in the appropriate tracking system for each program, e.g., Jira, HP ALM, and eMASS.

    Experience with conducting information security continuous monitoring (ISCM) by maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions IAW approved ISCM strategy.

    EDUCATION:

    Master's or Doctorate Degree in a related field and 20 years of experience in the respective technical/professional discipline being performed, 10 years of which must be in the DoD

    OR, Bachelor's Degree in a related field and 25 years of experience in the respective technical/professional discipline being performed, 15 of which must be in the DoD

    OR, 30 years of directly related experience with proper certifications as described in the PWS labor category performance requirements, 20 of which must be in the DoD.

    CERTIFICATION REQUIREMENTS:

    At a minimum, the successful candidate will meet the requirements for and maintain an IASAE Level III Cybersecurity certification by possessing at least one of the following certifications as directed by DoD 8140 and outlined in DoD M, Appendix3, Table 2,2 AFMAN :
    • (ISC)2 CISSP-ISSAP
    • (ISC)2 CISSP-ISSEP
    • (ISC)2 CCSP
    Additional Desired Certifications:
    • Certified SCRUM Master
    • Other Agile Certifications
    OTHER QUALIFICATIONS:

    Candidate must be a US Citizen - REQUIRED

    Candidate must possess and be able to maintain a T3/Secret Clearance - REQUIRED

    The following skills are highly desirable but not required for this position:
    • Working knowledge of the Agile Development methodology
    • Experience using any, or all, of the following tools (Desired):
      • CheckMarx
      • SonarQube
      • Jira
      • Confluence
      • Mavin
      • Jenkins
      • Bitbucket
    #LI-AP1

    If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access as a result of your disability. You can request reasonable accommodations by sending an email to Thank you for your interest in Torch Technologies.