Abacus Technology is seeking a Cyber Security Engineer to provide security support for the Command, Control, Communication, Intelligence and Networks (C3I&N) Directorate at Lackland AFB. This is a full-time position.
Ensure that all system deliverables comply with DoD and AF cybersecurity policy, specifically DoDI 8500.01, Cybersecurity, and AFI 33-200, Air Force Cybersecurity Program Management. Ensure that cybersecurity policy is implemented correctly on systems. Ensure compliance with DoD and AF Certification and Accreditation policies, specifically Department of Defense Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology, and AFI 33-210, The Risk Management Framework (RMF) for Air Force Information Technology. Support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI-supported capabilities for biometrics, digital signatures, encryption, identification and authentication. Ensure that all application deliverables are compliant with Public Law 111-383, which states the general need for software assurance. Ensure that all application deliverables comply with Defense Information Systems Agency (DISA) Application Security Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning to mitigate vulnerabilities associated with SQL injections, cross-site scripting, and buffer overflows. Support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI-supported capabilities for biometrics, digital signatures, encryption, identification and authentication. Perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Ensure personnel performing cybersecurity activities obtain, and remain current with, technical and/or management certifications to ensure compliance as directed by DoD 8140 and outlined in DoD 8570.01-M, Appendix3, Table 2,2 AFMAN 33-285 and as stipulated in Section H, Clause H101 of the overarching Application Services RFP. Support the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies (i.e., Risk Management Framework (RMF)). Recommend policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data. Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs. Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Conduct systems security evaluations, audits, and reviews. Recommend systems security contingency plans and disaster recovery procedures. Recommend and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Participate in network and systems design to ensure implementation of appropriate systems security policies. Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes. Assess security events to determine impact and implementing corrective actions. Ensure the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. Perform the Information System Security Engineer (ISSE) duties in an Information Assurance Workforce System Architecture and Engineering (IASAE) position as outlined in AFI 33-200, AFI 33-210 and AFMAN 33-285 for assigned systems. Perform the Information System Security Manager (ISSM) duties as outlined in DoDI 8510.01 for assigned systems/applications. Perform the Information System Security Officer (ISSO) duties as outlined in DoDI 8510.01 for assigned systems/applications.
7+ years experience in cyber security or information assurance. Bachelor’s degree in a related field. Must be CISSP certified. Experience with the certification and accreditation (C&A), assessment and authorization (A&A), and Risk Management Framework (RMF). Engineering experience with command and control systems like Global Command and Control System (Joint, Air Force, I3), Joint Automated Deep Operations Coordination System (JADOCS), Theater Battle Management Control System (preferably Force Level), etc. Experience with the systems and engineering aspects of some of the following systems: Plan X, Phalanx, Project Ike, CENTROPY, Cyber Command and Control Mission System Weapon System, Strategic Worldwide Integration Capability (SWIC), Advanced Capability for Understanding Managing Effects Networks (ACUMEN), C2 Core Cyber or Multi-Domain, Service Oriented Architecture implementations. Knowledge of cloud hosting, (especially Platform as a Service, Software as a Service), cloud security continuous integration/continuous delivery to cloud implementations. Experience with security in cloud implementations and hybrid cloud (public/private). Strong enterprise networking and systems knowledge (multiple years in a technical capacity in a Network Operations Security Center, Regional Cyber Center, etc.). Knowledge of the basics of DIACAP/RMF and DoD Architecture Framework or Unified Architecture Framework. Knowledge of Model Based Systems Engineering, Systems Modeling Language, Service Oriented Architecture Modeling Language a plus. Know Scaled Agile Framework or similar agile software development methodology a plus. Understand the planning, programming, and budgeting execution (PPBE) process desired. Must have an operational mindset and be resilient and flexible. Must be able to coherently articulate technical concepts to individuals and groups without “talking down” to the audience. Must be able to read through documents and quickly provide assessments for the client. Must be a US Citizen and hold an active Top Secret clearance with SCI (TS/SCI).
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.