ESSENTIAL AREA OF RESPONSIBILITY:

All areas of responsibility listed below are essential to the satisfactory performance of this position, with reasonable accommodation, if necessary. Work responsibilities may vary, depending upon assignment. Work located in Heath, OH.
 
GENERAL FUNCTION:
 General Information
 •    Assist in ensuring implementation of DoD, USAF and MAJCOM policies and update local processes and procedures necessary to support day-to-day operations.
 •    Assist the USG to organize, coordinate, identify, and satisfy the IA/ Cybersecurity requirements consistent with DoD policies, standards, and system architectures.
 •    Assist in formulating architectural design, functional specifications, interfaces and documentation of hardware or software systems.
 •    Utilize the RMF to support Authorization and Accreditation (A&A) of assigned systems. The Contractor shall assist in the monitoring of systems throughout the lifecycle management process from concept to decommission.
 •    Provide assistance in developing, modifying, reviewing, and coordinating IT Categorization Determination packages, Information Assurance Strategies (IASs), Information Assurance Plans (IAPs), PPPs, SSPs, Information Assurance Assessments, System Assessments, Interconnection Security Agreements (ISAs), Verification and Validation testing, Development and Design, requirements identification, Baseline Control selection, Applicability Assessments, Mitigation Strategies, Milestone Requirements Assessments, Configuration Management reviews, Continuous Monitoring, IA Liaison functions between the Developer, User Community and Program Management, leading the IA Integrated Process Team (IAIPT). The Contractor shall assist with the development of specific artifacts for program reviews and the review of IA requirements in the development and assessment of RFPs and ECPs. The Contractor shall assist with the evaluation of technical implementations of security designs to ensure that security software, hardware, and firmware features affecting confidentiality, integrity, availability, accountability, and non-repudiation have been implemented as documented in the JSIG (current version)/NIST 800-53 or while meeting the IA/Cybersecurity requirements of DoD Instruction 8500.01, Cybersecurity, DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), DoD Instruction 5200.39, and Air Force Instruction (AFI) 33-210, Air Force Certification and Accreditation (C&A) Program (AFCAP), as well as DCID 6/3, and JSIG requirements.
 
  Information Assurance/Cybersecurity
 •    Assist in the modification of the Acquisition IA/ Cybersecurity Strategy for external systems.
 •    Assist the USG to organize, coordinate, identify, and satisfy the IA/Cybersecurity requirements consistent with DoD policies, standards, and system architectures.
 •    Apply knowledge of computer science principles, information management principles, Automated Data Processing (ADP) functions and plans, hardware and software systems' structures and operation, and computer programming languages and techniques to assist in the resolution of automation problems.
 •    Assist in the evaluation of different versions of security software for the USG’s automated systems.
 •    Assist with monitoring information system activities to ensure system integrity; establishing reaction and maintenance control for the facility; and assist in performing system access or revocation tasks.
 •    Report system security incidents, classified message incidents, vulnerabilities, and virus attacks IAW AFSSI 5021.
 •    Assist in ensuring information systems are cleared or sanitized IAW AFSSI 5020.
 •    Provide assistance in developing, modifying, reviewing, and coordinating system PIT determination packages, IASs, IAPs, SSPs, Information Assurance Assessments, System Assessments, ISAs, Verification and Validation testing, Development and Design, requirements identification, Baseline Control selection, Applicability Assessments, Mitigation Strategies, Milestone Requirements Assessments, Configuration Management reviews, Continuous Monitoring, IA Liaison functions between the Developer, Simulators Division, User Community and Program Management.
 
 Critical Information
 •    Assist in the evaluation of security and administrative procedures associated with handling unclassified Critical Program Information/Critical Information (CPI/CI) and classified material.
 
 Classified Information
 •    Assist in conducting analyses of procedures regarding the handling, controlling, storage and disposition of classified or critical weapon system hardware.
 •    Assist in producing reports on the results of the analyses, including recommended actions, in either electronic or written form.
 
 Cybersecurity 
 •    Shall be DoD 8570 - IAM II compliant (No waivers).
 •    Demonstrate an advanced understanding of the Risk Management Framework (RMF) and shall apply it within the context of training simulations mission objectives.
 •    Identify and recommend potential areas where existing data security policies and procedures may require change, or where a supplement is required to mitigate key security risks.
 •    Assist in implementing the JSIG or ICD 503 (a.k.a. Risk Management Framework) requirements to include technical computer/network system auditing.
 •    Ensure communication to the ISSMs and Simulators Program Office Cyber leadership and the Program Managers during the lifecycle of the Authorization to Operate (ATO) period; especially if a time arises when the ATO is in jeopardy of not being granted.
 •    Possess knowledge and experience in providing oversight and execution of the Assessment & Authorization processes (a.k.a. Certification & Accreditation).to assist with ensuring the ISSMs clearly understand their duties as described in the PWS and mentor them to satisfactorily accomplish those duties
 
 •    Establish and maintain effective professional working relationships with co-workers, and customers.
 •    Follow policies and procedures as described in corporate manuals and directives.
 •    Attend work each day during scheduled work hours unless on approved travel or time off.
 •    Perform occasional travel to contractor and customer sites, as required (see WORKING CONDITIONS below).
 •    Work flexible hours, including occasional overtime.
 •    Carry out other duties as may be assigned or requested.
 
WORKING CONDITIONS
 Travel:
 •    May be required to travel using commercial air, USG air, and other conventional modes of transportation to Outside Continental United States and Continental United States (OCONUS and CONUS) locations in support of program meetings, reviews, audits and other activities held at Government and Contractor facilities.
 •    Shall travel unaccompanied and unsupervised.
 •    All travel (including plans, agenda, itinerary, and dates) requires prior approval by the EPASS CO for OCONUS travel or COR for CONUS travel.
 •    CONUS travel requests shall be submitted no later than ten business days prior to travel.
 •    Shall notify the EPASS CO or COR of the costs of air travel, and receive prior written approval when the use of other than least costly air travel is required to complete a Government-directed task.
 •    Shall submit a Trip Report upon return from travel. The trip report shall be submitted within 5 business days of return from earliest date of travel. At a minimum the trip report shall include: name of employee; date(s) of trip; site visited; trip purpose; relevant observations during trip.
 •    Check for additional OCONUS Travel Requirements for FAR clauses 52.228-3 and 52.228-4 that apply to OCONUS travel.
 
 Office Work Environment:
 •    Work is performed indoors with some potential risks to safety and health hazards related to electronics.

 QUALIFICATIONS:
 Education/Certifications/Experience/Skills:
 •    Shall have a working knowledge of the Risk Management Framework (RMF) process; information system concepts and principles; control families; media; equipment; equipment configuration; and related software systems, processes and procedures to assess and advise on vulnerability to attack from a variety of sources (e.g., hacking, disruption/denial of services, destructive programs/applications) and procedures and methods for protection of systems and applications.
 •    Assist in ensuring that personnel accessing information systems have the proper cybersecurity certification to perform cybersecurity functions in accordance with the current version of DoD 8570.01-M, Information Assurance Workforce Improvement Program, and AFM 33-285 Cybersecurity Workforce Improvement Program. This applies to those tasks supporting any cybersecurity function.
 •    Assist in preparation of corrective actions, when necessary, to enforce the requirements within DoD 8570.01.
 •    Must have Certification to IAM level II as defined in AFM 33-285 and DoD 8570.01 within 18 months and a Bachelor’s degree in a Science, Technology, Engineering, Math, Cybersecurity, or Computer Science field of study and at least 3 – 12 years’ experience specifically in cybersecurity or information assurance.
 •    Must possess an active DoD Secret Clearance
 •    Must be proficient in the use of Microsoft Office Applications (Outlook, Word, Excel, and PowerPoint), Microsoft Internet Explorer, and other standard (Customer specified) applications.)
 •    Must be able to transport self to various facility sites, as required. If using own motor vehicle, must possess a valid driver’s license and proof of insurance.
 
 Physical Skills and Abilities:
 •    May require lifting up to 25 pounds.
 •    Requires visual acuity to use a keyboard.

PESystems Inc., is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for Employment without regard to race/ethnicity, color, religion, sex, national origin, ancestry, age, sexual orientation, gender identify, genetic information, marital status and disability (including physical or mental disability as well as pregnancy) veteran status or any other status protected by Federal State or local law.