Abacus Technology is seeking a Cyber Security Engineer to provide security support for the Command, Control, Communication, Intelligence and Networks (C3I&N) Directorate at Lackland AFB. This is a full-time position.
Ensure that all system deliverables comply with DoD and AF cybersecurity policy, specifically DoDI 8500.01, Cybersecurity, and AFI 33-200, Air Force Cybersecurity Program Management. Ensure that cybersecurity policy is implemented correctly on systems. Ensure compliance with DoD and AF Certification and Accreditation policies, specifically Department of Defense Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology, and AFI 33-210, The Risk Management Framework (RMF) for Air Force Information Technology. Support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI-supported capabilities for biometrics, digital signatures, encryption, identification and authentication. Ensure that all application deliverables are compliant with Public Law 111-383, which states the general need for software assurance. Ensure that all application deliverables comply with Defense Information Systems Agency (DISA) Application Security Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning to mitigate vulnerabilities associated with SQL injections, cross-site scripting, and buffer overflows. Support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI-supported capabilities for biometrics, digital signatures, encryption, identification and authentication. Perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Ensure personnel performing cybersecurity activities obtain, and remain current with, technical and/or management certifications to ensure compliance as directed by DoD 8140 and outlined in DoD 8570.01-M, Appendix3, Table 2,2 AFMAN 33-285 and as stipulated in Section H, Clause H101 of the overarching Application Services RFP. Support the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies (i.e., Risk Management Framework (RMF)). Recommend policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data. Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs. Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Conduct systems security evaluations, audits, and reviews. Recommend systems security contingency plans and disaster recovery procedures. Recommend and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Participate in network and systems design to ensure implementation of appropriate systems security policies. Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes. Assess security events to determine impact and implementing corrective actions. Ensure the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. Perform the Information System Security Engineer (ISSE) duties in an Information Assurance Workforce System Architecture and Engineering (IASAE) position as outlined in AFI 33-200, AFI 33-210 and AFMAN 33-285 for assigned systems. Perform the Information System Security Manager (ISSM) duties as outlined in DoDI 8510.01 for assigned systems/applications. Perform the Information System Security Officer (ISSO) duties as outlined in DoDI 8510.01 for assigned systems/applications.
5+ years experience in cyber security or information assurance. Bachelor’s degree in a related field. Must be CISSP certified. Experience with the certification and accreditation (C&A), assessment and authorization (A&A), and Risk Management Framework (RMF). Significant experience in vulnerability scanning and analysis, including the use of automated tools and vulnerability management systems. Knowledge of intrusion prevention and network access control tools/systems. Must have experience with acquisition and sustainment. Understanding of system audit principles and security risk assessment. Must have a solid understanding of network infrastructure and mission assurance. Experience with Quick Reaction Capability is preferred. Familiar with Federal government and DOD standards for IA/security including DIACAP, FISMA, NIST, and OMB. Must have solid communications skills and be capable of working with all levels of an organization. Must be a US Citizen and hold an active Top Secret clearance with SCI.
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.