Title: Information Assurance System Security Engineer II

Location: Wright Patterson AFB, Ohio (Dayton)

Clearance: Secret

Citizenship Requirement: US Citizenship

Req #: 3595

Salary: $140,000 to $160,000

RFS#5

R5E1P8

June 12th, 2024 Start date

Summary: Craig Technologies has an opening for a Information Assurance System Security Engineer II at Wright Patterson AFB which is in Dayton, OH.

Craig Technologies is seeking qualified candidates to support the US Air Force Agency for Modeling and Simulation (AFAMS) program. AFAMS is the premier agency responsible for implementation, integration, and development of Modeling and Simulation (M&S) and training and analysis standards that support the US Air Force (USAF), Department of Defense (DoD), and mission partners requiring these capabilities to support the Warfighter in full-spectrum operations. As the lead agent for M&S within the USAF, AFAMS gathers requirements, seeks out potential solutions, and integrates legacy and emerging M&S solutions across the USAF and the DoD. The USAF has an M&S initiative that focuses on providing simulation and synthetic training as the critical capability to augment live training, act as an enabler for critical decision-making, and enhance human performance. In the current resource constrained environment, demand for M&S rises with the continuously evolving need for operational readiness and mission preparedness across the USAF, DoD, and with coalition partners. AFAMS focuses on providing innovative M&S services as the key to meeting this demand. The role of this position is to support the Air Force Life Cycle Management Center Simulators Division in Wright Patterson AFB, OH.

Detailed Description:

The IA System Security Engineer will:

• Support Information Owners achieving consistent application and implementation of network and system security policies, countermeasures, and procedures under development and fielded at user sites. Standardize non-technical assessment policies and procedures.

• Provide technical expertise and cybersecurity services to augment and support the Security Control Assessor Representative (SCAR) and Associate Security Control Assessor Representative (ASCAR) functions throughout all security development lifecycles performed within a simulator program's SDLC.

• Develop and implement Common Control Provider (CCP) security controls and an eMASS program of record.

• Standardize non-technical assessment policies and procedures.

• Develop and distribute Best Practices and Lessons-Learned to the entire simulator fleet.

• Provide cybersecurity expertise and services to support a programs' ISSMs, ISSOs, and ISSEs.

• Assist Programs with cyber security requirements and cyber security language for RFI's. SOO's and other program developed documents.

• Verify ISSOs are appointed in writing and verify they follow cybersecurity policies and procedures.

• Develop and maintain organizational and program cybersecurity architecture, requirements, objectives and policies, and cybersecurity processes and procedures.

• Manage and update RMF cybersecurity information to include verifying artifacts are entered in eMASS or other AO required format.

• Increase the security posture of programs by ensuring security controls are implemented and working per the ATO.

• Recommend risk mitigation procedures and countermeasures when a cybersecurity incident or vulnerability is discovered.

• Ensure a process is in place for users to report all cybersecurity threats, vulnerabilities, and incidents, whether actual or suspected, are reported to authorities (e.g., ISSO, ISSM, PM).

• Assess the accuracy and completeness of RMF authorization packages IAW the Package Approval Chain (PAC) in eMASS. Reduce the Control Approval Chain (CAC) security control rejection and rework.

• Provide a centralized management approach to create, update, track, and monitor POA&Ms from beginning through final resolution of security findings.

• At customer direction, visit simulator program sites to provide cybersecurity support and services to site personnel to promote and improve simulator security postures and compliance with cybersecurity policies.

• Assess current operations; document simulator security postures to ensure a robust cyber-security Program that complies with FIPS 199 and 200, DoDI 8500.01, DoDI 8510.01, DoDI 5200.39, and AFI 17-101.

• Conduct analysis of findings on unclassified and classified networks and systems.

Position Requirements:

. Qualifications The following skills are required:

• DoD 8570.1 IAM Level II certification (CAP, CASP, CE, CISM, CISSP) or able to secure within first 90 days post hire.

• 3 - 10 years system security engineering experience conducting information system security assessments; evaluating IA and Cybersecurity security controls; and conducting and supporting RMF activities.

• (Desired) Defense Information Assurance Certification and Accreditation Process (DIACAP) proficiency.

• eMASS and ACAS operations proficiency; formal eMASS/ACAS training desired.

• Secret Clearance

• Ability to travel up to 30% of the time.

Craig Technologies is an EEO Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, or any other non-job-related protected status. All candidates selected will be subject to a security background investigation and must meet all eligibility requirements for access to classified information.