Cybersecurity ISSE (Principal)
Torch Technologies, Inc. · Kettering, OH · 2 wk ago
TrainingFull-time
About the role
Torch Technologies is seeking a Cybersecurity Engineer, Principal (ISSE) to support the EPASS GB contract. This position is based in Kettering, OH (Dayton/WPAFB area).
Responsibilities
- Provide PMO/Capability Development Manager (CDM) cybersecurity support per DoWI 8500.01.
- Assess and continuously monitor cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF), Cybersecurity Framework (CSF), and National Institute of Standards and Technology (NIST).
- Employ best practices when implementing security controls, including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
- Coordinate security-related activities with the information security architect, ISSM, ISSO, ISO, and common control providers.
- Complete training and maintain certification IAW AFI 17-1303.
- Complete and maintain required cybersecurity certification IAW AFMAN 17-1303.
- Ensure all AF IT cybersecurity-related documentation is current and accessible to properly authorized individuals.
- Support the PM or ISO in maintaining current authorization to operate, approval to connect (if required), and implementing corrective actions identified in the plan of actions and milestones.
- Coordinate, with the PM and AO staffs, development of an ISCM strategy and monitors any proposed or actual changes to the system and its environment.
- Continuously monitor the IT and environment for security-relevant events.
- Assess proposed configuration changes for potential impact to the cybersecurity posture.
- Afford assessments of the quality of security controls implementation against performance indicators.
- Ensure cybersecurity-related events or configuration changes that impact AF IT authorization or adversely impact the security posture are formally reported to the AO and other affected parties, such as IOs, stewards, and AOs of interconnected IT.
- Ensure all ISSOs and privileged users receive necessary technical training and obtain cybersecurity certification IAW AFMAN 17-1301, Computer Security (COMPUSEC), AFMAN 17-1303, and maintain proper clearances IAW DoWI 8500.01.
- Ensure the AF IT is acquired, documented, operated, used, maintained, and disposed of properly IAW DoWI 5000.02 and DoWI 8510.01.
Requirements
- U.S. Citizenship
- Bachelor’s degree in a related field and 10 years of experience in the respective technical/professional discipline being performed.
- Possess experience providing guidance on the following to include, but not limited to: Access control, Configuration management, System and communications protection, Contingency planning. Incident handling, System and information integrity. Security and privacy training and awareness; and, Software development activities, software and tools related to Cybersecurity.
- Experience performing cybersecurity duties as outlined in DoWI 8500.01, AFI 17-130, and AFI 17-1301 for assigned AF IT.
- Experience validating, evaluating and analyzing finding results and developer adjudications using automated testing tools, e.g., Fortify, Checkmarx, SonarQube, and AppScan.
- Experience utilizing DoW tracking systems to input/document cybersecurity deficiencies, vulnerabilities, and change requests in the appropriate tracking system for each program, e.g., Jira, HP ALM, and eMASS.
- Experience with conducting information security continuous monitoring (ISCM) by maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions IAW approved ISCM strategy.
- Must meet the requirements for and maintain a personnel certification associated with the DCWF Information Systems Security Developer work role (631) at an advanced (principal) proficiency level as outlined in DoWI 8510.01, AFMAN 17-1305 and AFI 17-101 for assigned systems/applications: FITSI FITSP-D - Required GIAC GCSA (ISC)2 CISSP-ISSE PM.
- Must have and maintain an active T3/ Secret security clearance.
Qualifications
- Required Qualifications
- Preferred Qualifications
Skills
- Working knowledge of the Agile Development methodology
- Experience using any, or all, of the following tools (Desired): CheckMarx, SonarQube, Mavin, Fortify, Jira, Confluence, and BitBucket.
Schedule
M-F; 8-5
Work Location
Kettering, OH
Travel
Yes, 0-10%
Relocation Assistance
No
Position Contingent Upon Award of Contract
No
Benefits
- ESOP participation
- 401(k) match
- medical
- dental
- vision
- life insurance
- short-term disability
- long-term disability
- flexible spending accounts
- Health Saving Accounts and Health Reimbursement Accounts
- EAP
- education assistance
- paid time off
- holidays