Cybersecurity Engineer - AMMO

Job Description

Job Description

Solutions Through Innovative Technologies, Inc. (STI-TEC) specializes in the delivery of professional business and information management services. STI-TEC offers government and commercial clients a comprehensive portfolio of services that identify, manage, distribute and improve business processes related to entities’ most valued resource, information. As a fast-growing solutions provider, established in 2000, total customer satisfaction has remained the cornerstone of our business. Our business model focuses on integrity, loyalty, and trust.

Position Overview

The Advanced Framework for Simulation, Integration, and Modeling (AFSIM) is an innovative, open-source military simulation framework used extensively by the U.S. Department of Defense (DoD) and related communities. Managed by the U.S. Air Force Research Laboratory (AFRL), AFSIM supports scenario creation, analytical work, and virtual wargaming, benefiting from a collaborative user community across the military, government, industry, academia, and international partners. To enhance AFSIM's growth, the Department of the Air Force (DAF) is establishing a Model Management Office (MMO).

In this cutting-edge new MMO the Cybersecurity Engineer will enhance and maintain the cybersecurity posture of MMO products and services, to include AFSIM. The contractor shall advise or assist in developing a comprehensive assurance strategy to continuously identify and mitigate potential security vulnerabilities or weaknesses and promote a secure software development lifecycle

Essential Job Function

Cybersecurity Awareness

• Conduct training sessions to promote secure software development practices and raise awareness among developers about vulnerabilities, weaknesses, and exploits that pertain to relevant programming languages, technologies, libraries, or platforms.

Cybersecurity Strategy

• Advise or assist in the design, implementation, and maintenance of a secure software development approach capable of satisfying diverse cybersecurity risk profiles (i.e., across managed DoD networks and classification domains). This approach should balance assurance with speed, promote a secure by design paradigm, and provide the necessary evidence to underwrite a continuous Authority to Operate (cATO)

Continuous Monitoring

• Implement continuous monitoring to maintain DoD enterprise software certifications or Certificates to Field (CtFs). These certifications streamline the approval to use MMO products and services on enterprise DoD information networks to include NIPR, DREN, SIPR, SDREN, JWICS, and SAP networks
  • Monitor codebase changes as part of automated quality gates
  • Perform security audits to ensure the sufficiency of both manual and automated practices and procedures
  • Monitor third-party libraries for emerging vulnerabilities and weaknesses, particularly those vulnerabilities as identified in the public Common Vulnerabilities and Exposures (CVE) list
  • Participate in critical design or code reviews and inspections.

Vulnerability or Weakness Remediation

• Advise or assist in the tracking and remediation of potential vulnerabilities and weaknesses associated with MMO products or services
• Perform security impact assessments and communicate risk to stakeholders through Information Assurance Vulnerability Management (IAVM) channels

Incident Management and Response

• Advise or assist in the design, implementation, and maintenance of a cyber incident management and response plan
• Coordinate MMO response activities during training events, tabletop exercises, or real-world incidents

Continuous Authorization and Compliance

• Advise or assist in the preparation and generation of required cybersecurity assessment and/or authorization documentation related to MMO products and services
• Engage with enterprise processes or coordinate with Authorizing Officials (AOs), as required to secure appropriate product certifications or certificates to field

Minimum Qualifications

Education and Experience

• Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or a related discipline
• Minimum 7 Years of cybersecurity or a related field, with a demonstrated history of enhancing and maintaining cybersecurity postures for software products and services

Certifications

• Information Assurance System Architect and Engineer (IASAE) Level-II certification in accordance with AFMAN-17-1303 and DoD 8570.01-M
• Certified Information Systems Security Professional (CISSP) or similar certification is highly desirable

Experience with DoD Cybersecurity Protocols

• Proven experience working with or within DoD, Air Force Materiel Command (AFMC), or Air Force Research Laboratory (AFRL) is highly desirable

Cybersecurity Awareness

• Experience in conducting training sessions to promote secure software development practices and raising awareness about vulnerabilities and exploits

Cybersecurity Strategy

• Demonstrated ability to design, implement, and maintain secure software development approaches that balance assurance with speed and promote a secure by design paradigm

Continuous Monitoring

• Experience in implementing continuous monitoring to maintain DoD enterprise software certifications or Certificates to Field (CtFs)

Vulnerability or Weakness Remediation

• Proven ability to track and remediate potential vulnerabilities and weaknesses associated with software products or services

Incident Management and Response

• Experience in designing, implementing, and maintaining a cyber incident management and response plan

Continuous Authorization and Compliance

• Knowledge in preparing and generating required cybersecurity assessment and authorization documentation

Software Development Security

• Proficiency in secure software development practices and familiarity with programming languages, technologies, libraries, or platforms commonly used in DoD projects

Security Tools and Techniques

• Proficiency in using security tools and techniques such as automated quality gates, security audits, and vulnerability monitoring

Data Analysis and Reporting

• Strong analytical skills to monitor, analyze, and report on security incidents and compliance metrics

Documentation and Compliance

• Ability to prepare and review cybersecurity assessment and authorization documentation, ensuring compliance with all applicable laws, regulations, and security standards

Additional Requirements

• Top Secret SCI clearance and SAP eligibility

Desired Qualifications

• Master’s degree in a related field
  
  
  
  

Applicants selected may be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
STI-TEC is an equal opportunity employer and values diversity. Employment is decided on the basis of qualifications, merit, and business need. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran status, gender identity and sexual orientation.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, transfer, leaves of absence, compensation and training.
If you need assistance or an accommodation due to a disability, you may contact us at [email protected] or you may call us at 1+918.583.9900.


*This job posting is to identify potential candidates for positions in order to respond to a request for proposal. This job posting, including but not limited to, qualifications, duties, compensation and benefits, is subject to change based on the terms and conditions of the awarded contract and is contingent on STI-TEC being awarded the contract.