Logo
COLSA

Aircraft Systems Cybersecurity Specialist (Journeyman)

COLSA, Dayton, Ohio, United States, 45444


General Summary:Provide Platform Information Technology (PIT) Assessment and Authorization (A&A) support to assigned systems during the acquisition life cycle. The support includes developing, modifying, reviewing or coordinating PIT determination packages, Information Assurance Strategy (IAS) packages, Information Assurance Plans (IAP), System Security Plans (SSP), and artifacts for program reviews and Requests for Proposal (RFP). The Contractor shall execute the cybersecurity Risk Management Framework (RMF) to support A&A of assigned systems;Review required program office artifacts and approval packages and make recommendations to support cybersecurity RMF analysis and recommendation to the Security Control Assessor (SCA). The Contractor shall staff each approval package through the requesting organization and the Engineering Directorate prior to submission and briefing to the AO;Perform cybersecurity site audits to verify the architecture analysis, cybersecurity requirements and controls, verify mitigation actions, witness cybersecurity testing and evaluation, and to support final approval for IATT and/or ATO. The Contractor shall document and report cybersecurity site audit findings and recommendations;Manage, plan, document and conduct Independent Verification and Validation (IV&V) of Information Assurance (IA) requirements for aircraft systems. IV&V support includes but is not limited to:Review of program documentation (e.g. concept, requirements, design, manuals, reports, source code, deficiency/change reports and program schedules) to ensure that security requirements are adequately addressed and implemented;Witness of functional testing and conduct of additional security testing where necessary to verify the implementation of security requirements;Documentation and reporting of IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required;Conduct and document risk assessments as part of validation activities that include risk descriptions, risk mitigation options, and recommendations;Performance of product security assessments of the software applications used to evaluate security requirements (the assessment is needed to provide a satisfactory level of assurance that the security functions of the applications function as expected);Assistance in translating DoD user requirements into system security requirements which will be used by the weapon system contractor to design, develop, fabricate, test, and evaluate systems, subsystems, and equipment for deployment, and;Evaluation of security design technical implementation to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, and accountability have been implemented as documented in the JAFAN 6/3 and DoD RMF and that the features perform properly.Support the PIT Working Group in the development of PIT process and PIT guidance and provide adequate PIT policy support to assist in developing new requirements for cybersecurity and A&A policy to improve program support. The Contractor shall develop and modify cybersecurity, AT, and SCRM course materials for AFLCMC/EZAS learning courses;Required QualificationsOne of the following combinations of education/experience:Bachelor's degree or higher in a related field and 10+ years of experience in the respective technical / professional discipline being performed, 3 of which must be in the DoDHigh school diploma and 14+ years of experience in the respective technical / professional discipline being performed, 5 of which must be in the DoDKnowledge and experience with system security engineering to include Supply Chain Risk Management (SCRM), hardware and software assurance, program protection planning, risk-based analysis and running Security Technical Implementation Guides (STIG).U.S. Citizenship required; Active SECRET security clearance is required to start.Preferred QualificationsIAM Level II Certification or higher