|   |
Position Overview
The Contractor shall provide Cybersecurity Services throughout the cybersecurity lifecycle process for Information Systems (IS), Platform Information Technology (PIT), Information Technology (IT) Services, and IT products that are or will be assessed or assessed and authorized by Authorizing Officials (AOs) within the F-35 Enterprise. The contractor shall prepare materials for, and participate in, weekly staff meetings. The contractor shall perform all six steps of the RMF/JSIG processes as captured below, with a focus on Steps 4 and 5, Assessing Security Controls and Authorizing the System.
Duties and Responsibilites
Step 1: Categorize System. The Contractor shall participate, as required, in the system categorization of each system and maintain the formal decision document as a part of the F- 35 System's Security Assessment Package
Step 2: Select Security Controls. The Contractor shall provide assistance to the Information System Owner (ISO) in Security Control Traceability Matrix (SCTM) negotiations for formal tailoring of system security control requirements. The Contractor shall maintain the formal SCTM submission as part of the F-35 System's Security Assessment Package
Step 3: Implement Security Controls. The Contractor shall participate in Preliminary and Critical Design Reviews (PDR/CDR) to ensure proposed design and implementation of controls are in accordance with DoD cybersecurity standards and have not deviated from the tailored SCTM
Step 4: Assess Security Controls. The Contractor shall create a Security Assessment Report which shall encompass evaluation of all written artifacts within the formal Security Assessment Package submitted by the ISO, results of the Independent Validation and Verification (IV&V) test, and Security Assessment (SA) event
Step 5: Authorize System. The Contractor shall validate all required artifacts in the Information System Security Manager / Engineer (ISSM / ISSE) assembled Security Assessment Package are current and representative of the systems being presented for AO adjudication. The Contractor shall provide a formal written recommendation within the Security Assessment Report to the AO for review and final acceptance
Step 6: Monitor Security Controls. The Contractor shall evaluate Continuous Monitoring (ConMon) Plans and shall participate in Operational Assessments
Provide Security Control Assessment Services. The Contractor shall perform oversight of the development, implementation and evaluation of information system security program policy, with special emphasis placed upon integration of existing SAP network infrastructures. The Contractor shall perform analysis of network security, based upon the RMF Assessment and Authorization (A&A) process and advise customer on IT certification and accreditation issues. Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
Provide CS Specialist Services to F-35 Partners and FMS Security Professionals.
Contractor shall provide tasks that include but are not limited to: Provide Cybersecurity Specialist support to perform on-site cybersecurity compliance and oversight for Partner and/or FMS sites. Provide a full range of Information Assurance/Cybersecurity services which include but are not limited to: planning, developing, implementing, and maintaining programs, policies, and procedures to protect the integrity and confidentiality of systems, networks, and data; monitor the compliance of Partner/FMS participants with Authority to Operate (ATO) requirements for authorized F-35 information systems through on-site visits and email communication; develop, administer, and conduct cybersecurity training; train Partner/FMS personnel in cyber positions on cybersecurity best practices, procedures, industry standards, processes, and protocols; and participate in periodic meetings with Government entities to facilitate compliance activities being met, properly captured and reported.
System High values the power and strength of diverse backgrounds on the culture and performance of our company. We strive to maintain an inclusive culture to encourage each employee to bring their whole self to the mission.
Additional Information
Warning: Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a systemhigh.com or msg.paycomonline.com email address.