Cybersecurity Senior ISSM

Torch Technologies has been voted one of the best workplaces by Forbes magazine and the Association of Mechanical Engineers. You now have the opportunity to work with 21st century technology. Apply now to make a career with Torch Technologies a reality.

OVERVIEW OF AREA IN WHICH WORK WILL BE PERFORMED:

Torch Technology has an exciting opportunity for a Cybersecurity Engineer (ISSM) located Kettering OH (Dayton/WPAFB area) to support our EPASS GB contract. As part of the AFLCMC/GB Business and Enterprise Systems Directorate (BES) the Foundation Logistics Information Technology Enterprise System (FLITES) is a new system within the AF to manage Item Master data. The FLITES will provide comprehensive Item Catalog and Provisioning functions for the Logistics business systems and will replace the Item Management Control System (IMCS) suite of legacy systems at a minimum. FLITES will be the central repository for the Item core business objects providing standardization of Item cataloging processes structure attributes propagation and standardized views for all applicable Item types. Additionally FLITES will receive product structure input from an engineering Product Lifecycle Management (PLM) type system. Foundational Logistics Information Technology Enterprise System (FLITES) is the Item data as a core underlying need for each Capability Initiative (CI) and as such will integrate with many logistics enterprise systems. The Air Force wants to rapidly modernize its enterprise logistics systems most of which require Item data. The new FLITES will provide essential functionality of the legacy IMCS more efficiently and effectively in addition to implementing new functionality as described below. Without this support to the Program Management Office (PMO) under GBS the Government would not be able to complete the required documentation reporting and program management support required for a Business Acquisition Category (BCAT) II program. This system will have high visibility following the 5000.75 process.

ESSENTIAL DUTIES/POSITION DESCRIPTION:

The successful candidate will provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI 8500.01. Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF) Cybersecurity Framework (CSF) and National Institute of Standards and Technology (NIST) and per Authorization Officials Information Systems Continuous Monitoring (ISCM) strategy.

The ISSM is the primary cybersecurity technical advisor to the AO PM and ISO. The ISSM ensures the integration of cybersecurity into and throughout the lifecycle of the IT on behalf of the AO and in accordance with DoDI 8510.01 for the following:

Completes and maintains required cybersecurity certification IAW AFMAN 171303;

Ensures all AF IT cybersecurityrelated documentation is current and accessible to properly authorized individuals;

Supports the PM or ISO in maintaining current authorization to operate approval to connect (if required) and implementing corrective actions identified in the plan of actions and milestones;

Coordinates with the PM and AO staffs development of an ISCM strategy and monitors any proposed or actual changes to the system and its environment;

Continuously monitors the IT and environment for securityrelevant events;

Assesses proposed configuration changes for potential impact to the cybersecurity posture;

Assesses the quality of security controls implementation against performance indicators;

Ensures cybersecurityrelated events or configuration changes that impact AF IT authorization or adversely impact the security posture are formally reported to the AO and other affected parties such as IOs stewards and AOs of interconnected IT;

Ensures all ISSOs and privileged users receive necessary technical training and obtain cybersecurity certification IAW AFMAN 171301 Computer Security (COMPUSEC) AFMAN 171303 and maintain proper clearances IAW DoDI 8500.01; and

Ensures the AF IT is acquired documented operated used maintained and disposed of properly IAW DoDI 5000.02 and DoDI 8510.01.

JOB REQUIREMENTS/QUALIFICATIONS:

Must be a U.S. Citizen

Must have an active Secret clearance and must be able to maintain the required level.

The Information Systems Security Manager (ISSM) has the knowledge experience and recognized ability to be considered highly skilled in their technical/professional field. Possesses the ability to perform tasks independently and oversee the efforts of junior and journeyman contractor personnel within the technical/professional discipline. Demonstrates advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards procedures and practices in their area of expertise (Program Office Enterprise and Staff Level Support interface).

All Cybersecurity professionals should possess experience providing guidance on the following to include but not limited to:

Access control.

Configuration management.

System and communications protection.

Contingency planning.

Incident handling.

System and information integrity.

Security and privacy training and awareness; and

Software development activities software and tools related to Cybersecurity.

• Performs extensive assessments of systems and networks within the networking environment or enclave and identifies where those systems/networks deviate from acceptable configurations enclave policy or local policy.
• Achieves this through passive evaluations (compliance audits) and active evaluations (vulnerability assessments).
• Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
• This includes process support analysis support coordination support security certification test support security documentation support investigations software research hardware introduction and release emerging technology research inspections and periodic audits.
• Assists in the implementation of the required government policy (i.e. NISPOM DCID 6/3 and makes recommendations on process tailoring. Performs extensive analyses to validate established security requirements and to recommends additional security requirements and safeguards.
• Supports the formal Security Test and Evaluation (STandE) required by each government accrediting authority through pretest preparations participation in the tests analysis of the results and preparation of required reports.

EDUCATION AND EXPERIENCE: Bachelors Degree in Computer Science or a related field or equivalent experience. Advanced degree preferred. Typically possesses more than 10 years of experience. Able to communicate effectively and clearly present technical approaches and findings. Able to apply extensive technical expertise and has full knowledge of other related disciplines. Work is performed without appreciable direction. Exercises considerable latitude in determining technical objectives of assignment. Completed work is reviewed from a strategic perspective for desired results. Guides the successful completion of major programs and often functions in a project leadership role. PA

Experience performing cybersecurity duties as outlined in DoDI 8500.01 AFI 17130 and AFI 171301 for assigned AF IT.

Experience validating evaluating and analyzing finding results and developer adjudications using automated testing tools e.g. Fortify Checkmarx SonarQube and AppScan.

Experience utilizing DoD tracking systems to input/document cybersecurity deficiencies vulnerabilities and change requests in the appropriate tracking system for each program e.g. Jira HP ALM and eMASS.

Experience with conducting information security continuous monitoring (ISCM) by maintaining ongoing awareness of information security vulnerabilities and threats to support organizational risk management decisions IAW approved ISCM strategy.

EDUCATION:

Bachelors Degree in a related field and 8 years of experience in the respective technical/professional discipline being performed.

OR 12 years of directly related experience with proper certifications as described in the PWS labor category performance requirements eight of which must be in the DoD.

CERTIFICATION REQUIREMENTS:

At a minimum the successful candidate will meet the requirements for and maintain an IAM Level III Cybersecurity certification by possessing at least one of the following certifications as directed by DoD 8140 and outlined in DoD 8570.01 M Appendix3 Table 22 AFMAN 171303:

ISACA CISM

(ISC)2 CISSP

GIAC GSLC

EC Council CCISO

Additional Desired Certifications:

Certified SCRUM Master

Other Agile Certifications

The following skills are highly desirable but not required for this position:

Working knowledge of the Agile Development methodology

Experience using any or all of the following tools (Desired):

o CheckMarx

o SonarQube

o Jira

o Confluence

o Mavin

o Jenkins

o Bitbucket

U.S. Citizenship Required for this Position:Yes

Job Type:Full time

Security Clearance: Tier 3/Secret

Schedule:At customers discretion

Work Location: Kettering OH

Travel:012

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No

Benefits:

Torch Technologies is proud to offer a stable and professional work environment a competitive salary and an excellent comprehensive benefit package including: ESOP participation 401(k) match and safeharbor contribution medical dental vision life insurance shortterm disability longterm disability flexible spending accounts Health Saving Accounts and Health Reimbursement Accounts EAP education assistance paid time off and holidays.

Applying to Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age genetic information citizenship ancestry marital status protected veteran status disability status or any other status protected by federal state or local law. Torch Technologies Inc. participates in EVerify.

#LIEW1