Address
Form of workTorch Technologies is seeking a Cybersecurity Information System Security Engineer (ISSE) (Principal) to join a team to support the development and sustainment of for systems assigned to the Air Force Human Resources Systems Division. The contractor shall perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the engineering, planning, analysis, development, implementation, maintenance and enhancement of AFIPPS cybersecurity programs, policies, procedures, and tools following Agile principals utilizing Development Security Operations (DevSecOps) practices. The contractor is responsible for employing best practices when implementing security controls, including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
The ISSE coordinates their security-related activities with the information security architect, ISSO, ISO, and common control provider. The contractor shall ensure compliance with Department of Defense (DoD) and Air Force (AF) Certification and Accreditation policies, specifically Department of Defense Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology, and AFI 17-101, The Risk Management Framework (RMF) for Air Force Information Technology. This position supports the AFLCMC/GB Business and Enterprise Systems Directorate (BES)/GBH Human Resources Systems Division.
Responsibilities: This position requires a highly motivated individual with experience in ensuring the appropriate operational security posture is maintained for the assigned IT. This includes: Serve in the capacity of an Information System Security Engineer (ISSE) and/or Information Assurance Systems Architect and Engineer (IASAE) Ensure that information-security requirements are effectively implemented throughout the security architecting, design, development, configuration, and implementation processes. Recommending policies and procedures to ensure information systems (IS) reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data following DevSecOps practices.
Review/recommend changes to system architecture to ensure cybersecurity compliance, to include assessing interfaces to data partners. Administer, create and monitor cyber security tool reports to ensure IS reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data. Review, monitor and update the entire release pipeline.
With a focus on cybersecurity tools for release pipeline. Participate in review and update of cybersecurity release and RMF process. Participate in cybersecurity cyber working group (CYWG), authorization to operate (ATO), RMF meeting and accomplish assigned taskings and user stories.
Conducting risk and vulnerability assessments of planned and installed IS to identify vulnerabilities, risks, and protection needs. Conducting systems security evaluations, testing, audits, and reviews. Recommending systems security contingency plans and disaster recovery procedures.
Participating in network and systems design to ensure implementation of appropriate systems security policies Assessing security events to determine impact and implementing corrective actions. Ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services, software services, network services, systems analysis process(es), and system architecture. Perform ISSE duties in an Information Assurance Workforce System Architecture and Engineering (IASAE) position as outlined in AFI 17-130, AFI 17-101 and AFMAN 17-1303 for assigned systems.
Supporting the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies (i.e., RMF). Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Recommending and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes. The Contractor shall ensure that all system deliverables comply with DoD and AF cybersecurity policy, specifically DoDI 8500.01, Cybersecurity, and AFI 33-200, Air Force Cybersecurity Program Management. Ensure cybersecurity policy is implemented correctly on the network and Continuous Integration pipeline.
Contractors shall ensure compliance with DoD and AF Certification and Accreditation policies, specifically Department of Defense Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology, and AFI 17-101, The Risk Management Framework (RMF) for Air Force Information Technology. The Contractor shall ensure that all application deliverables comply with Defense Information Systems Agency (DISA) Application Security Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning to mitigate vulnerabilities associated with SQL injections, cross-site scripting and buffer overflows. The Contractor shall support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI- supported capabilities for biometrics, digital signatures, encryption, identification and authentication.Possesses the advanced knowledge, experience, and recognized ability to be considered an expert in their technical/professional field, possess the ability to perform tasks and oversee the efforts of junior and mid-level personnel within the technical/professional discipline.
Will demonstrate advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards, procedures, and practices in their area of expertise. (Program Office, Enterprise, and Staff Level Support interface) Education Master's or Doctorate Degree in a related field and at least 20 years of experience in the respective technical/professional discipline being performed, 12 years of which must be in the DoD. OR, bachelor's degree in a related field and 25 years of experience in the respective technical/professional discipline being performed, 15 years of which must be in the DoD.
OR, 30 years of directly related experience with proper certifications as described in the PWS labor category performance requirements, 20 years of which must be in the DoD. Specific Work Experience Extensive knowledge and proficiency with the Risk Management Framework (RMF) Expert knowledge and proficiency with Cybersecurity best practices Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies Experience with the implementation of new IT/Business System technologies to include but not limited to Cloud Infrastructure and Enterprise Resource and Planning (ERP) systems. Must have experience with NIST SP 800-53 Security controls and the understanding of control implementations.
Must be willing to learn and use cybersecurity testing tools. Certifications At a minimum, the successful candidate must hold and maintain an Information Assurance System Architect and Engineer (IASAE) Level III Cybersecurity certification by possessing at least one of the following certifications as directed by DoD 8140 and outlined in DoD 8570.01 -M, Appendix3, Table 2,2 AFMAN 17-1303: (ISC)2 CISSP-ISSAP (ISC)2 CISSP-ISSEP CCSP Security Clearance Ability to obtain and maintain a DoD Secret Security Clearance. U.S.
Citizenship required Preferred Qualifications: The following skills are highly desirable but not required for this position: Working knowledge of the Agile Development methodology Experience using any, or all, of the following tools (Desired): CheckMarx, SonarQube, Fortify, Jira, Confluence, and BitBucket. U.S. Citizenship Required for this Position: Yes Job Type: Regular Security Clearance: Secret Schedule: M-F; 8-5 Work Location: Randolph AFB, Texas Travel: Yes, 0-10% Relocation Assistance Available: No Position Contingent Upon Award of Contract: No Benefits: Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays.
Applying to Torch Technologies: Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check. Torch Technologies is committed to hiring and retaining a diverse workforce.
We are proud to be an Equal Employment Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability or any other protected class.Possesses the advanced knowledge, experience, and recognized ability to be considered an expert in their technical/professional field, possess the ability to perform tasks and oversee the efforts of junior and mid-level personnel within the technical/professional discipline. Will demonstrate advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards, procedures, and practices in their area of expertise. (Program Office, Enterprise, and Staff Level Support interface) Education Master's or Doctorate Degree in a related field and at least 20 years of experience in the respective technical/professional discipline being performed, 12 years of which must be in the DoD.
OR, bachelor's degree in a related field and 25 years of experience in the respective technical/professional discipline being performed, 15 years of which must be in the DoD. OR, 30 years of directly related experience with proper certifications as described in the PWS labor category performance requirements, 20 years of which must be in the DoD. Specific Work Experience Extensive knowledge and proficiency with the Risk Management Framework (RMF) Expert knowledge and proficiency with Cybersecurity best practices Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies Experience with the implementation of new IT/Business System technologies to include but not limited to Cloud Infrastructure and Enterprise Resource and Planning (ERP) systems.
Must have experience with NIST SP 800-53 Security controls and the understanding of control implementations. Must be willing to learn and use cybersecurity testing tools. Certifications At a minimum, the successful candidate must hold and maintain an Information Assurance System Architect and Engineer (IASAE) Level III Cybersecurity certification by possessing at least one of the following certifications as directed by DoD 8140 and outlined in DoD 8570.01 -M, Appendix3, Table 2,2 AFMAN 17-1303: (ISC)2 CISSP-ISSAP (ISC)2 CISSP-ISSEP CCSP Security Clearance Ability to obtain and maintain a DoD Secret Security Clearance.
U.S. Citizenship required Preferred Qualifications: The following skills are highly desirable but not required for this position: Working knowledge of the Agile Development methodology Experience using any, or all, of the following tools (Desired): CheckMarx, SonarQube, Fortify, Jira, Confluence, and BitBucket. U.S.
Citizenship Required for this Position: Yes Job Type: Regular Security Clearance: Secret Schedule: M-F; 8-5 Work Location: Randolph AFB, Texas Travel: Yes, 0-10% Relocation Assistance Available: No Position Contingent Upon Award of Contract: No Benefits: Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays. Applying to Torch Technologies: Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.
Torch Technologies is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Employment Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability or any other protected class.
