Address
Form of workInput Technology Solutions is seeking a candidate for an AOS Cyber Security/Risk Management Support role open with a great client in Hampton, Virginia!
Job Overview:
Providing support to Headquarters Air Combat Command (HQ ACC) at Langley Air Force Base, Virginia. Support includes a full range of Information Warfare training and operations, Information Systems & Operations, Communications, Administrative Support, and Knowledge-Based Services across the air, space, and cyber domains.
Job Description:
The AOS Cyber Security/Risk Management Support role will provide AOS proper implementation and sustainment of DoD cybersecurity and Risk Management Framework (RMF) requirements and authorization to operate for AOS unique software.
- Develop and Maintain Security Plan for AOS Domain Enclave of the Air Force Enterprise
- Develop a Security Assessment Plan for AOS domain enclave of the Air Force Enterprise within Enterprise Mission Assurance Support Service (eMASS), describing the objectives of the security control assessment and providing a detailed roadmap for performing the assessment, to include:
- AOS System Security Plan
- Security Assessment Report
- Risk Assessment Report (RAR)
- Up-to-date POA&M
- Monitor and track execution of POA&M for AOS in order to identify and monitor corrective action for weaknesses and deficiencies found during security assessment.
- Perform required cybersecurity analyst (CSA) RMF process steps for the AOS domain enclave of the Air Force Enterprise (CARP/ADIS), to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls. Review and adjudicate system security categorizations decisions for the AOS as well as final security control sets.
- Review the Security Plan and System Level Continuous Monitoring Strategy for the AOS domain enclave of the Air Force Enterprise.
- Provide guidance to AOS on RMF processes and procedures for the AOS domain enclave of the Air Force Enterprise.
- Categorize and Describe Information Systems in the following Capacities:
- Categorize Information System – Categorize the information system and document the results of the security categorization in the security plan.
- Provide guidance to AOS Stakeholders on the RMF assessment process.
- Support AOS in embedding cybersecurity and the Risk Management Framework actions and checkpoints into the appropriate point in the AOS System Life Cycle (SLC) Management Policy; develop tools, procedures and templates to support CS and RMF execution under the SLC.
- Submit status reports on open action items (to include projected completion dates), issues/concerns and lessons learned. Reports are to be provided by the 10th of each month
- Perform all required CSA RMF process steps for the AOS domain enclave of the Air Force Enterprise, to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls.
- Assess approved technical and non-technical security features of AOS domain enclave of the Air Force Enterprise to address known threats and vulnerabilities. The assessment must consider and identify impacts as well as consideration of existing risk mitigation strategies.
- Act as an independent and impartial assessor to determine and certify aggregate cybersecurity risk for recommendations for AOS domain enclave of the Air Force Enterprise
- Complete Checkpoints (as described in Appendix K of Risk Management Framework Process Guide, Version 2.0, 4 August 2017) for the CARP/ADIS and provide recommendations for the Security Assessment Plan, ensuring all appropriate security controls will be assessed for compliance.
- Provide quality assurance of an RMF Security Assessment Plan related to cybersecurity risk for the AOS domain enclave of the Air Force Enterprise.
Job Qualifications:
- Must have current Secret eligibility.
- Minimum 3 years of experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.).
- Possess Information Assurance Management (IAM) level III (DoD 8570.01). It is desired that the contractor possesses the Certified Information Systems Security Professional (CISSP) status. However, any of the other DoD-approved IA management level III baseline certifications are suitable for this task.
- Knowledgeable in DoD Information Assurance Certification & Accreditation Process (DIACAP), RMF and NIST experience in security control assessments and risk assessments.
- Possess strong technical writing skills.
