SMS is a fast-growing, veteran-owned business that has supported the Federal Government's IT initiatives for over four decades. We work side-by-side with our Federal clients as a trusted, long-term partner to offer innovative advice and leadership to solve their most pressing and complex problems. We orchestrate people, strategies, technologies and best-of-breed business processes. The SMS advantage in management and technology consulting includes deep domain expertise in complex networking design and unifying communities of interest.
We have strong capabilities in design & build, planning, governance, quality management, security, analytics, virtualization, operations and business process improvement. For 40 years, SMS has brought customer satisfaction to Federal clients and formed lasting alliances with leading technology companies and talented small businesses to deliver joint, leading-edge, cost-effective services and products.
Submit your resume today!
-Support the Information System Security Manager (ISSM) and act as the primary cybersecurity technical advisor to the Program Manager (PM), Lead Engineer (LE) and Lead ISSM/ISSO.
-Act on behalf of the PM or the ISSM to maintain the authorization of the system throughout its lifecycle.
-Act as the Information Assurance Officer (IAO)/ISSO for the Weapon System.
-Provide support and technical expertise related to Defense in Depth principles and technology in security engineering designs and implementation.
-Provide Assessment and Authorization (A&A)/Certification & Accreditation (C&A) support to both Platform Information Technology (PIT) and Automated Information System (AIS) programs during the Sustainment lifecycle – including developing, modifying, reviewing or coordinating PIT determination packages, Cybersecurity Strategy formerly known as Information Assurance Strategy (IAS), Security Assurance Plan (SAP), System Security Plan (SSP) with supporting artifacts for program reviews and requests for proposals.
-Be responsible for achieving ATO for up to two major WS releases a year and 65 security assessments of new requirements a month.
-Execute the Cybersecurity Risk Management Framework (RMF) to support A&A of assigned systems in accordance with DoDI 8500.01, Cybersecurity and DoDI 8510.01, Risk Management Framework.
-Evaluate the technical implementation of the security design to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, accountability, and non-repudiation have been implemented as documented in the NIST 800-53, Rev4, CNSSI 1253, and DODI 8510.01.
-Analyze existing and future systems, reviewing security architectures against existing and future architectures, and developing engineering solutions that integrate information security requirements to proactively manage information protection throughout the system’s lifecycle.
-Apply security risk assessment methodology to system development, including assessing and auditing network infrastructure, antivirus deployment, risk analysis, executing security log analysis and reporting.
-Validate system security requirements, analysis compliance, and review/submit System Security Plans for enterprise-wide architectures.
-Conduct DoD Information Assurance Certification and Accreditation Process (DIACAP) C&A planning and testing and transition to Risk Management Framework (RMF) planning and testing to ensure all weapon system components have transitioned to RMF in accordance with AF RMF transition timelines. Conduct cybersecurity technical policy guidance and consultation for each component of the weapon system.
-Review required Program Office artifacts and make recommendations to support the cybersecurity RMF risk analysis and recommendation to the Security Control Assessor.
-Develop A&A documentation for each required system. As required, perform cybersecurity site audits to verify architecture analysis, cybersecurity requirements and compliance with applicable security controls, verify mitigation and/or adjudication actions, witness cybersecurity testing and evaluation, and to support final approval for an Interim Authorization to Test (IATT), Interim Authorization to Operate (IATO), Authorization to Operate (ATO), and Authorization to Connect (ATC).
-Document and report cybersecurity audit findings and recommendations for each deployed site to the PM, LE and ISSM.
-Manage DIACAP Certification and Accreditation (C&A) or RMF Authorization packages and assist in achieving ATO and ATC for all instances of the Weapon System.
-Maintain each accreditation or authorization and assist in achieving ATC/ATO for additional weapon system instances.
-Be responsible for ensuring the appropriate operational security posture is maintained for AF IT under their purview.
-Implement and enforce all AF cybersecurity policies, procedures, and countermeasures using the guidance within this instruction and applicable cybersecurity publications.
-Travel 10-15% per year.
SKILLS, EXPERIENCE, AND CERTIFICATIONS:
- A minimum of eight (8) years of experience, including work on large, complex programs; advanced degree in engineering, science, or business or two additional years of experience in place of an advanced degree; strong communication skills; self-motivated
- DoD 8570 IAM Level III certification required
- TS/SCI clearance required.
Additional position requirements:
-Certification to an IAM Level III in accordance with DoDI 8570.01 and hold any of the following credentials: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or GIAC Security Leadership (GSLC).
- Shall be familiar with DoDI 8500.01, Cybersecurity, DODI 8510.01 Risk Management Framework, appropriate NIST Special Publications and Security Controls and the DoD A&A/C&A processes.
- Working knowledge of larger networks and AF Gateways and DoD GiG.
SMS is an Equal Opportunity Employer.
SMS is a veteran-owned network integrator established in 1976. With an employee retention rate averaging over 5 years, our ability to hire quality people and retain them in a rapidly evolving IT market proves why we are a world-class information technology company. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices. As a result, SMS is proud to be ISO 9001:2008 Registered and a CMMI Level 3 certified company, ensuring that we continue to meet and exceed the expectations of our customers, partners and employees.