Cybersecurity System Security Engineer II – (Management)
Cybersecurity System Security Engineer II – M (Management)
The System Security Engineer’s primary function is working within Special Access Programs (SAPs) supporting SMC and AFSPC acquisition programs. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities to meet NIST Cybersecurity requirements for system assessment & authorization.
Responsibilities include, but are not limited to:
- Serve as the RMF Cybersecurity Specialist for the organization's Systems
- Maintain Day-to-Day security analysis of RMF packages to ensure timely updates and notifications
- Update RMF Security Control Families as required and properly process through eMASS.
- Maintain thorough understating of NIST 800-53 and NIST 800-171 controls and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix.
- Provide support and recommendations to Program Managers and Security Authorities to maintain appropriate information assurance (IA) posture(s) for programs and systems.
- Conduct reviews to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
- Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
- Draft and/or prepare and maintain security Assessment and Authorization documentation (e.g. IA SOP, SSP, MSSP, RAR and SCTM)
- Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration with existing SAP network infrastructures
- Develop and provide IA risk management recommendations to the customer
- Represent the Government Program Manager in various SSE related working groups, advisory groups, and advisory council meetings
- 6-8 years total experience, including minimum 4 years’ experience within SCI or SAR environment. Minimum 2 years of SAP relevant experience highly desired.
- Bachelor’s degree in a related discipline or equivalent additional experience (4 years)
- Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 1 and Information Assurance Manager Level 2 within 6 months of the date of hire
Security Clearance Requirements:
- Current Top Secret Clearance with SCI Eligibility
- Eligibility for access to Special Access Program Information
- Willingness to submit to a Counterintelligence polygraph
- Must be familiar with security policy/manuals and the appropriate ICDs/JAFANs/DOD Manuals and other guiding policy documents
- Full understanding of Risk Management Framework (RMF) and Joint SAP Implementation Guide (JSIG) processes for system accreditation, along with legacy (DITSCAP, DIACAP) processes
- Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners
- Working knowledge of Microsoft Office (Word, PowerPoint, and Excel)
- Possess a high degree of originality, creativity, initiative requiring minimal supervision
- Willingness to travel within the organizational Area of Responsibility (AOR) (note - could be extensive, and will include both air and ground transportation)
- Must be able to lift up to 50 pounds