Cybersecurity Engineer- SME

Cybersecurity Engineer- SME at Modern Technology Solutions, Inc. summary:

The Cybersecurity Engineer - SME provides expert engineering support to the USAF aircraft program office, overseeing project requirements from inception to conclusion. Responsibilities include implementing security measures, conducting system evaluations, and ensuring compliance with DoD directives. The role requires a strong background in cybersecurity engineering and proficiency in risk management frameworks.
Overview

Own Your Future.

Prospective candidate will provide direct cyber security engineering support to a major USAF aircraft program office. The candidate will support the initiation, supervision, and development requirements from a project's inception to conclusion for complex to extremely complex programs. The candidate will provide strategic advice, technical guidance, and expertise to program and project staff leveraging platform IT (PIT) experience. The candidate will assist in providing detailed analysis, evaluations and recommendations for improvements, optimization development, and/or maintenance efforts for client-specific or mission critical challenges/issues.

Why is MTSI known as a Great Place to Work?
Interesting Work:

Our co-workers support some of the most important and critical programs to our national defense and security.
Values:

Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry.
100% Employee Ownership:

we have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year.
Great Benefits - Most Full-Time Staff Are Eligible for:

Starting PTO accrual of 20 days PTO/year + 10 holidays/year
Flexible schedules
6% 401k match with immediate vesting
Semi-annual bonus eligibility (July and December)
Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement account
Up to $10,000 in annual tuition reimbursement
Other company funded benefits, like life and disability insurance
Optional zero deductible Blue Cross/Blue Shield health insurance plan

Track Record of Success:

We have grown every year since our founding in 1993
Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance.

MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.

For more information about MTSI, please visit

.

Responsibilities

• Shall be a certified systems security professional possessing at least five years of experience in implementing Joint Special Access Program (SAP) Implementation Guide (JSIG) or JSIG-related Risk Management Framework (RMF) concepts and processes to be used in the discovery of Information Protection (IP) needs.

• Shall be knowledgeable in the design of systems and security controls and technical, personnel, or management solutions to satisfy these requirements effectively and efficiently. The discipline includes concepts of defense in depth, risk assessment, and the systems life cycle.

• Should meet all prerequisites necessary to enable the Government to grant a DoD Directive (DoDD) 8570 baseline certification commensurate with the position description and tasking responsibilities

• Shall assist in ensuring the implementation of security measures for classified ISs in accordance with the DoD directives and facility procedures.

• Shall support the testing and evaluation of new operating systems/software and hardware requested for use on ISs.

• Shall assist in developing and implementing procedures to ensure JSIG, RMF, and National Industrial Security Program Operating Manual (NISPOM) compliance and shall perform weekly IS audits. If full compliance is not possible, shall notify Government Information Assurance Managers (IAMs) of the risks and possible mitigations.

• Shall aid in conducting ongoing security reviews and tests of the Platform ISs to periodically verify that security features and operating controls are functional and effective.

• Shall utilize security-related software for the detection of malicious code, viruses, and intruders, as appropriate.

• Shall provide technical expertise to assist in applying and implementing JSIG requirements into the security structure of the Platform ISs.

• Shall support the maintenance and development of SSPs for systems.

• Shall assist in assessing, developing, and reviewing sanitization procedures and program designed hardware.

• Shall also assist in assessing, researching, and recommending approval for hardware and software to Platform Government IAM.

• Shall assist in producing and/or reviewing documentation for the Platform Program Office to support the breadth of acquisition, sustainment, and IA efforts.

• Shall support the Platform Program Office relative to the Platform organization's IA program and IA policies/procedures compliance activities.

• Shall support implement security controls by applying specific safeguards or by assisting in the regulation of specific activities that are expressed in a specified format (i.e., a control number, a control name, control text, and a control class).

• Shall apply specific management, personnel, operational, and technical controls to each DoD information system to assist in achieving an appropriate level of integrity, availability, and confidentiality in accordance with Office of Management and Budget Circular A-130 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev 4. 3.6.6.9.

• Shall apply knowledge of information security best practices and industry standards to assist in protecting data from unauthorized access and prevention of the use, disclosure, destruction, modification, or disruption to access (reference NIST SP 800-115). 3.6.6.10

• Shall assist in evaluating aspects of economics of privacy and security when associated with protection schema or security options and shall advise on the most effective and efficient security measures based upon CBA, break-even analysis, and life cycle cost (reference NIST SP 800-65 Rev 1). 3.6.6.11.

• Shall support the evaluation of physical security measures that are designed to deny access to unauthorized personnel (including attackers or even accidental intruders) from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts.

• Shall apply experience in the preparation of conceptual diagrams showing how a building, facility, or stored information, might be attacked. 3.6.6.12.

• Shall support security A&A by applying knowledge commensurate with the professional certifications associated with the DoD RMF approach for identifying information security requirements, providing security solutions, and managing the security of DoD IS.

• Should have experience with certification authority and designated approving authority processes. 3.6.6.13.

• Shall assist in integrating program protection engineering processes for mitigating and managing risks to advanced technology and mission-critical system functionality from foreign collection, design vulnerability, or supply chain exploitation/insertion, battlefield loss, and unauthorized or inadvertent disclosure throughout the acquisition life cycle. 3.6.6.14

• Shall prepare and maintain the Platform PPP

• Shall be familiar with DoDI 5200.39 (revised Dec 2010) and with implementation of horizontal protection techniques to assist in ensuring that all who develop, process, or store the same or similar CPI use the same or equally effective.

• Shall be familiar with 2011 National Defense Authorization Act to support the development and incorporation of technology protection features into a system or subsystem during its R&D phase and international considerations within the acquisition management framework for summary of defense exportability features nomination and feasibility assessment.

• Shall provide IA and technical expertise for information systems, systems engineering, STE, legacy operating systems, laboratory equipment, and avionics systems/sub-systems-related modernization and sustainment programs supported in the platform.

• Shall be the IA security official responsible to support in coordinating and obtaining security approval for sanitization and secure handling procedures for avionics line replaceable units and STE driven by sustainment and modification programs.

• Shall apply in-depth knowledge of various computer and electronic systems, from Windows and UNIX-flavored operating systems to avionics and test equipment hardware.

• Shall advise and assist with implementation of DoDI 5205.11 and Department of Defense Manuals (DoDM) 5205.07, Volume 1-4 as well as JSIG regulations for SAP IA oversight and management of computer and avionics equipment.

• Shall assist with IA security oversight and approval of modernization program equipment directly tied to software integration, operations, and implementation schedules for new capabilities for the warfighter. All these capabilities directly affect the maintenance and improvement of aircraft availability.

• Shall support development and approval processes for PPPs, AT plans, ATO requests, and other milestone decision and design documentation reviews as required.

Qualifications

Required Qualifications:

• Active TOP SECRET Security Clearance with eligibility for Special Access Program access

• Bachelor's degree in professional Engineering, Mathematics or Science related to Cybersecurity Engineering with 15 years of experience or a master's degree in professional engineering, Mathematics or Science related to Cybersecurity Engineering and 12 years of experience

• Must meet all prerequisites necessary to enable the Government to grant a DoDI 8570 baseline certification commensurate with the position description and tasking responsibilities—Shall hold a CISSP Certification or be able to obtain such certification within the first six months of employment

• 15 years of experience in cybersecurity engineering supporting USAF aircraft/platforms

Desired Qualifications:

• Security +

Please Note: U.S. Citizenship is required.

#LI-DB1
#MTSI
Keywords:

Cybersecurity, Information Security, USAF, Risk Management Framework, Systems Security, DoD Compliance, Technical Guidance, Security Audits, Cybersecurity Engineering, Platform IT

---