Aircraft/Aviation Systems Cybersecurity SME

General Summary:
Performs system monitoring and analysis support for the detection of cyber incidents and provides recommendations on how to correct findings.

Principal Duties and Responsibilities (*Essential Functions):

• Translate and apply cybersecurity requirements into aircraft avionics and engine systems
• Identify aviation focused cyber risks and support various threat analysis and assessment methods for aircraft and avionics systems
• Demonstrate knowledge and understanding of industry standards and regulatory best practices related to aircraft cybersecurity
• Demonstrate knowledge and understanding of aircraft operations, avionics systems, engine/propulsion control systems to include an understanding of various data busses such as ARINC 429, MIL-STD 1553, Ethernet, RS-485, etc.
• Apply knowledge of embedded software such as Real Time Operating Systems (RTOS) and software security.
• Have knowledge of the Systems Security Engineering disciplines to include: Anti-Tamper, Trusted Systems & Networks, Cybersecurity, Hardware/Software/Firmware Assurance, Supply Chain Risk Management, Acquisition Security, Cyber Resiliency, and Information Protection.
• Have knowledge of the SSE sub-disciplines to include: Critical Program Information (CPI) Identification, Critical Component Identification, Threat and Vulnerability Analysis, Test & Evaluation, and Risk Identification and Management.
• Support the Systems Engineer with program engineering milestone reviews, test planning, and certification and accreditation packages. The Contractor shall review/develop/update applicable systems security engineering program documentation.
• Assist the Information Systems Security Manager (ISSM) and provide multi-discipline expertise covering project management, system security engineering, system administration, and network administration.
• Provide direct support to assure compliance to the most current revision of the Security Directives applicable to Platform Information Technology (PIT), PITI and non-PIT systems being supported. These include DoDI 8500.01, Cybersecurity, DoDI 8510.01, RMF for DoD IT, JSIG, NIST 800-53, and directives/guidance identified in DoDI 5000.02.
• Provide cybersecurity support to assigned systems and shall assist in developing, modifying, reviewing or coordinating items that include, but are not limited to: PIT determination package, cybersecurity strategy (formerly IAS), System Security Plan (SSP), system controls traceability matrix, risk assessment report, plan of action and milestones, security assessment plan, artifacts for program review and RFP. 
• Assist in executing the cybersecurity RMF to support Assessment and Authorization (A&A) of assigned systems.
• Review required program office artifacts and make recommendations to support cybersecurity RMF analysis.
• Review and assist in coordinating approval for sanitization and declassification plans and/or procedures.
• Assist in performing vulnerability, threat, and risk assessments, and security impact assessments on assigned systems, modifications, and interconnections.
• Assist in developing an A&A report and an A&A presentation for each required system to support approval decisions.
• Assist in managing, planning, documenting and conducting Independent Verification and Validation (IV&V) of security requirements for weapon systems.
• Assist in evaluating the technical implementation of the security design to ascertain that security software, hardware and firmware features affecting confidentiality, integrity, availability, accountability and non-repudiation have been implemented as documented in the Director of Central Intelligence Directive (DCID) 6/3, JSIG, DoDI 8500.01, DoDI 8510.01, and NIST 800-53, and that the features perform properly.
• Assist in documenting and reporting IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required.
• Assist in performing cybersecurity site audits to verify architecture analysis, cybersecurity requirements and controls, verify mitigation actions, witness cybersecurity testing and evaluation, and to support final approval for Interim Authority to Test (IATT), Interim Authority To Operate (IATO), Authority To Operate (ATO), and/or Authority To Connect (ATC). The Contractor shall assist in documenting and reporting cybersecurity site audit findings and recommendations to the program office and/or Security Certification Authority (CA).
• Assist in identifying the Software Assurance (SWA) pedigree (including platform software) and QA issues and documenting the results.
• Assist in performing software security analyses to assess the vulnerabilities and risks. The results should be documented and reported to the PM and the Security CA. 
• Assist with developing an approach for performing operational SWA sensitivity analysis. The Contractor shall assist with developing SWA test metrics for inputs to the TEMP.
• Assist the Government in conducting Supply Chain Risk Management (SCRM).
• Assist in developing and documenting SCRM plans and implementation activities in appropriate acquisition and security documents including but not limited to the acquisition strategy, SEP, PPP, and SSP.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here. 

Required Qualifications

• Associate's degree or higher in related field or equivalent experience.
• Minimum of 3 related certifications may be used in place of unrelated degree field.
• Minimum of 10 plus years of work related experience.
• Direct knowledge of cybersecurity requirements & risks specific to aircraft and/or aviation systems
• Ability to clearly present and communicate technical approaches and findings.
• U.S. Citizenship required; Must be able to obtain and maintain a Secret Clearance.
• Must have the ability to obtain and maintain a Security + CE Certification (or equivalent/higher) within 6 months of start date

 Preferred Qualifications

• Advanced degree preferred
• Currently active Security + CE certification (or equivalent/higher) 

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.