Tampa
Role and Responsibilities
Summary
The Cybersecurity Specialist implements the Risk Management Framework for assessment and authorization of cloud-based applications and simulator training systems. The primary role of the candidate is to ensure compliance with National Institute of Standards and Technology (NIST) Special Publications (800-37, 800-53, 800-171) and Department of Defense (DoD) Instructions 8500.01 Cybersecurity and 8510.01 Risk Management Framework. The Cybersecurity Specialist requires the ability to develop plans and procedures, conduct vulnerability and compliance scanning, assess and implement security controls, and develop Plans of Action and Milestones to resolve information security vulnerabilities. The candidate’s role is to support the Information Security staff in the continuous monitoring of information systems, ensuring that the authorized security posture is maintained.
Essential Duties and Responsibilities
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Maintain a clear understanding of NIST and DoD Cybersecurity and Information Assurance instructions
- Assess and implement operational, management and technical security controls and make recommendations and proposals for correcting deficiencies; develop compensating controls for information security deficiencies
- Assist with developing or updating of Information Security related plans, procedures, work methods and documentation
- Review current programs and define the steps needed for meeting the applicable cybersecurity and information assurance instructions. This includes detailed planning of all aspects of IA Compliance
- Conduct information security vulnerability and compliance scanning using the DoD’s Assured Compliance Assessment Solution (ACAS) (Tenable Security Center and Nessus Software)
- Produce information security vulnerability scanning reports and develop Plans of Action and Milestones (POA&Ms) to resolve information security vulnerabilities
- Support, monitor, test and troubleshoot hardware and software cybersecurity issues and patches
- Apply computer changes to comply with DoD Security Technical Implementation Guides (STIGs)
- Application of DoD Information Assurance Vulnerability Management Program (IAVM)
- Work closely with information technology staff to define required tasks to be accomplished to meet IA instructions
- Work closely with customers to define program IA requirements.
- Writing Information Assurance documents to define plans and scope of IA requirements.
- Write Proposal sections to explain how CAE will meet IA instructions.
- Operating system level setup of computers to implement controls and apply patches to eliminate vulnerabilities.
- Perform other administrative functions/duties as assigned
Qualifications and Education Requirements
- B.S. degree in Computer Science, Computer Engineering, Information Technology, Electrical Engineering or other technical equivalent
- Five to eight years of related experience, or an equivalent combination of education and related experience. USAF experience highly desired.
- DoD 8570.01-M Information Assurance Technical level II (IAT II) Certification
- Familiarity with DFARS 252.204-7012 Safeguarding Covered Defense Information requirements and NIST SP 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- Familiarity with DoD’s Cybersecurity RMF Assessment and Authorization processes
- Familiarity with NIST SP 800-37 Guide for Applying the Risk Management Framework and NIST SP 800-53 R4 Security and Privacy Controls for Federal Information Systems and Organizations
- Prior experience in operating system setup and updates to apply patches to mitigate information security vulnerabilities.
- Related skill areas should include technical writing and presentation skills.
- Excellent written and verbal communication skills are required. Analytical and mathematical modeling ability.
- Ability to read, analyze, and interpret professional journals, technical procedures, or governmental regulations.
- Ability to write reports, business correspondence, and procedure manuals.
- Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.
- Should be familiar with and able to support Engineering or Operations staff on any type and sub-component of training devices.
- The types of devices that will be encountered include full flight motion devices, maintenance training devices, and fixed base training devices.
- Ability to travel domestically and internationally
IAT-II Requirements DoD 8570.01-M
T-II.1. Demonstrate expertise in IAT Level I CE knowledge and skills.
T-II.2. Examine potential security violations to determine if the NE policy has been breached, assess the impact, and preserve evidence.
T-II.3. Support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the NE
T-II.4. Recommend and schedule IA related repairs in the NE.
T-II.5. Perform IA related customer support functions including installation, configuration, troubleshooting, customer assistance, and/or training, in response to customer requirements for the NE.
T-II.6. Provide end user support for all IA related applications for the NE.
T-II.7. Analyze patterns of non-compliance and take appropriate administrative or programmatic actions to minimize security risks and insider threats.
T-II.8. Manage accounts, network rights, and access to NE systems and equipment.
T-II.9. Analyze system performance for potential security problems.
T-II.10. Assess the performance of IA security controls within the NE.
T-II.11. Identify IA vulnerabilities resulting from a departure from the implementation plan or that were not apparent during testing.
T-II.12. Provide leadership and direction to IA operations personnel.
T-II.13. Configure, optimize, and test network servers, hubs, routers, and switches to ensure they comply with security policy, procedures, and technical requirements.
T-II.14. Install, test, maintain, and upgrade network operating systems software and hardware to comply with IA requirements.
T-II.15. Evaluate potential IA security risks and take appropriate corrective and recovery action.
T-II.16. Ensure that hardware, software, data, and facility resources are archived, sanitized, or disposed of in a manner consistent with system security plans and requirements.
T-II.17. Diagnose and resolve IA problems in response to reported incidents.
T-II.18. Research, evaluate, and provide feedback on problematic IA trends and patterns in customer support requirements.
T-II.19. Ensure IAT Level I personnel are properly trained and have met OJT program requirements.
T-II.20. Perform system audits to assess security related factors within the NE.
T-II.21. Develop and implement access control lists on routers, firewalls, and other network devices.
T-II.22. Install perimeter defense systems including intrusion detection systems, firewalls, grid sensors, etc., and enhance rule sets to block sources of malicious traffic.
T-II.23. Work with other privileged users to jointly solve IA problems.
T-II.24. Write and maintain scripts for the NE.
T-II.25. Demonstrate proficiency in applying security requirements to an operating system for the NE or CE used in their current position.
T-II.26. Implement applicable patches including IAVAs, IAVBs, and TAs for their NE.
T-II.27. Adhere to IS security laws and regulations to support functional operations for the NE.
T-II.28. Implement response actions in reaction to security incidents.
T-II.29. Support the design and execution of exercise scenarios.
T-II.30. Support Security Test and Evaluations (Part of C&A Process).
T-II.31. Obtain and maintain IA certification appropriate to position.
Certificates, Licenses, Registrations.
DoD 8570.01-M Information Assurance Technician (IAT) Level II Approved Baseline Certification
**At least one certification MUST be from this list
- CCNA Security**
- CySA+**
- GICSP**
- GSEC**
- Security+ CE**
- SSCP**
Security Responsibilities
Must comply with all company security and data protection / usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside the company without management approval. All government and proprietary information will be accessed and stored electronically on company-provided resources.
- Incumbent must be eligible for DoD Personal Security Clearance
Work Environment and Physical Demands
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
- Work is performed in an environment where irritants such as noise from telephones, temperature and lighting variations may exist, but there is little chance of injury, accident or occupational health problems.
- Works at job activities that require sitting, standing or walking for short periods throughout the day and focused visual concentration or focused listening
- Moderate to high levels of stress, associated with technical, schedule, and customer issues are to be expected with this position. Extended work hours and possible 2nd and 3rd shift assignments are likely to be encountered.
- May be required to sit down for long lengths of time.
- May be required to climb stairs.
- Must be able to travel CONUS and to International sites and work overtime as necessary
- Must be able to climb stairs to enter and exit a simulator
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.
CAE USA Inc. is an EOE/AA employer and gives consideration for employment to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you’d like more information about your EEO rights as an applicant under the law, please see the EEO is the Law poster.
PAY TRANSPARENCY NONDISCRIMINATION PROVISION
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
Position Type
Regular
CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.
Equal Employment Opportunity
At CAE, everyone is welcome to contribute to our success. With no exception.
As captured in our overarching value “One CAE”, we’re proud to work as one passionate, boundaryless and inclusive team.
At CAE, all employees are welcome regardless of race, nationality, colour, religion, sex, gender identity or expression, sexual orientation, disability or age.
The masculine form may be used in this job description solely for ease of reading, but refers to men, women and the gender diverse.
The post CAE – Cybersecurity Specialist II appeared first on Cyber Florida: The Florida Center for Cybersecurity.