Responsibilities:
The primary service is A&A support, including creation and maintenance of Risk Management Framework (RMF) Authority-To-Operate (ATO) packages (including annual reviews) to achieve and/or retain an ATO for AFRC/A4 systems. These activities include authoring/reviewing Standard Operating Procedures (SOPs) and Ports, Protocols & Services maintenance.
Representative systems include:
- AFRC Basing and Logistics Geospatial Information and Services (AFRC B&L GI&S) - NIPR RMF Package
- AFRC Civil Engineering Planning Tool (CEPT) - NIPR RMF Package
- AFRC Support Agreement Management Tool (SAM) - NIPR RMF Package
Additional services provided will include but are not limited to the following:
- Perform ISSM duties as required IAW AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology (IT) and AFI 17-130, Cybersecurity Program Management.
- Ensure Federal Information Security Management Act (FISMA) compliance requirements are met for the packages.
- Conduct annual security reviews of all IA controls and a test of selected IA controls IAW AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology.
- Manage the systems COMPUSEC Program for HQ AFRC/A4
- Address all AF COMPUSEC requirements IAW AFMAN 17-1302-O
- Implement and enforce all AF cybersecurity policies, procedures, and countermeasures.
- Completion/ annual review of SOPs.
- Comply with continuous monitoring – update asset/hardware/software inventory, upload vulnerability scan reports, POAMs, STIG checklists.
- Coordinate/facilitate annual Tabletop or Live Contingency/Incident Response Plan.
- Provide CCRI support services to Vulnerability Management office & CCRI PM.
- Monitor STIG compliance and remediation of vulnerabilities.
- Ensure POAMs are being accomplished for those items that are non-compliant.
- Review POAMs periodically to ensure the estimated completion date is met and milestones are documented.
- Participate in Change Approval Board for changes to systems.
- Upload monthly hardware/software asset inventories.
- Provide/upload artifacts required for authority to operate and other A&A requirements, as required in accordance with CDRL A008, ATO/A&A Artifacts, DI-MGMT-82000, PWS Appendix C.
- Provide input to on-site contract manager as required to support deliverables identified in section 2.3.1.
- Provide services necessary to provide Information Systems Security Management support for HQ AFRC/A4 systems - AFRC Basing and Logistics GI&S, CEPT, and SAM. All services provided and products delivered must comply with the Government security and architecture requirements. Specifically, the scope of services required includes:
- Complete RMF ATO documentation to ensure current and viable ATO for the GIS, CEPT, and SAM systems.
- Maintenance and updates of system Approvals to Operate (ATOs) and System Security Plans (SSPs)
- Creation of risk management processes and policies for AFRC B&L GI&S
- Creation, maintenance, and implementation of a disaster recovery/continuity of operations plan for all supported systems
- Creation and maintenance of Ports, Protocols, and Services document
- Creation and maintenance of system diagrams and architectures
- Maintain Hardware and Software listings.
- Liaison between Civil Engineering Authorizing Official (CE AO) and AFRC A4
Requirements
- 5 or more years of demonstrated corporate experience, provided support staff meeting the position requirements.
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- Knowledge of server administration and systems engineering theories, concepts, and methods.
- Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
- Knowledge of basic system administration, network, and operating system hardening techniques
- Knowledge of cybersecurity principles.
- Knowledge of risk management processes and requirements per the Risk Management Framework (RMF)
- Work on site at Warner Robins, GA location.
- Active 8570 Certification; CompTIA Level II
Clearance Required: Active DoD “Secret” level clearance.
Equal Opportunity Employer: Disability/Veteran
Tyto is an IT services and solutions company that provides mission-focused digital transformation to enhance the client experience and enable them to achieve desired outcomes. Tyto's services and solutions embody its domain expertise in four major Technology domains: Network Modernization, Hybrid Cloud, Cyber Security, and Enterprise IT. Tyto offers a broad range of service delivery models including design/install projects, Managed Services, and 'As-a-Service'. With over fifty years of experience, Tyto supports Defense, Intelligence, Space, National Security, Civilian, Health and Public Safety clients across the United States and around the globe.