is seeking several Cyber Security Engineer III Security Control Assessor Representatives
- to join our team supporting the US Air Force HI EPASS Contract. These openings are located at Randolph AFB, San Antonio, TX.
Within the AFLCMC/HI Business and Enterprise Systems Directorate (BES), the Cyber Security Domain provides cyber support to Air Force users to empower the acquisition, operation, sustainment, and security of warfighting systems. The activities involve ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
What you will do: The AFLCMC/HIZ Security Control Assessor Representative (SCAR) is responsible for assessing application and software cybersecurity (confidentiality, integrity, and availability) readiness by performing individual internal assessments as part of the Risk Management Framework. The SCAR candidate must have specific knowledge of application, system, and network security, technologies, processes, and practices designed for prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation.
The successful candidate will perform work that applies a broad theoretical and practical knowledge of Cybersecurity. The functions required to be performed by individuals in this specialty may include:
- Evaluates IT infrastructure in terms of risk to the organization and establishes controls to mitigate loss.
- Documents business processes within process narratives or flowcharts, identifying risks and mitigating controls.
- Develops risk and control matrices and test plans for key controls.
- Identifies control gaps and tests the design of existing controls.
- Formulates clear and concise conclusions on internal controls and business process and efficiencies.
- Supporting the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies (i.e., Risk Management Framework (RMF)
- Recommending policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data
- Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs
- Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals
- Recommending systems security contingency plans and disaster recovery procedures
- Recommending and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures
- Participating in network and systems design to ensure implementation of appropriate systems security policies
- Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes
- Assessing security events to determine impact and implementing corrective actions
- Ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.
What you need to have:
- Clearance: must possess and maintain a Secret Clearance
- Bachelor of Science (B.S.) degree in Cybersecurity, Engineering, Information Systems, Information Security, Computer Science, or related technical discipline is required
- Must meet the requirements for and maintain an IAT or IAM Level III Cybersecurity certification by possessing at least one of the following certifications:
- CASP+ CE
- CCNP Security
- CISSP (or Associate)
- The successful candidate shall possess the advanced knowledge, experience, and recognized ability to be considered an expert in their technical/professional field, possess the ability to perform tasks and oversee the efforts of junior and mid-level personnel within the technical/professional discipline. Will demonstrate advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards, procedures, and practices in their area of expertise.
- Expertise and support in implementing cybersecurity technologies (formally Information Assurance (IA)
- Experience within Federal Government in support of cybersecurity practices for Business Enterprise System
- Experience with implementing Risk Management Framework (RMF)
- Knowledge and experience working with eMASS
- Must be willing to learn and use cybersecurity testing tools
- Must have experience with NIST SP 800-53 security controls and the understanding of control implementations
What we'd like you to have:
- Working knowledge of the Agile Development methodology
- Experience using any, or all, of the following tools:
- Burpsuite Professional
- HCL AppScan
- Trustwave AppDetectivePro
About BigBear.ai: A leader in decision dominance for more than 20 years, BigBear.ai operationalizes artificial intelligence and machine learning at scale through its end-to-end data analytics platform. The Company uses its proprietary AI/ML technology to support its customers decision-making processes and deliver practical solutions that work in complex, realistic and imperfect data environments. BigBear.ais composable AI-powered platform solutions work together as often as they stand alone: Observe (data ingestion and conflation), Orient (composable machine learning at scale), and Dominate (visual anticipatory intelligence and optimization).
BigBear.ais customers, which include the U.S. Intelligence Community, Department of Defense, the U.S. Federal Government, as well as customers in the commercial sector, rely on BigBear.ais high value software products and technology to analyze information, identify and manage risk, and support mission critical decision making. Headquartered in Columbia, Maryland, BigBear.ai has additional locations in Virginia, Massachusetts, Michigan, and California. BigBear.ai will request COVID-19 vaccination status information as part of the onboarding process.