Overview:
Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.
Responsibilities:
The Chief Information Security Officer (CISO) provides world class risk assessment services to protect the sponsor systems from cyber intrusion and misuse. The sponsor seeks a Project Manager for Cyber Security to provide expertise and suggestions for process improvement to streamline complex processes that affect multiple groups.
In addition, the incumbent will be performing independent technical reviews that reviews the work of project teams, Information System Security Engineers, Information System Security Managers (ISSMs), and assessor(s) and Quality Assurance personnel. These Technical Reviews are a critical component of the accreditation process for systems.
The Project Manager for Cyber Security Assessments will provide:
- Programmatic Support to the Cyber Assessments Front Office
- Assisting sponsor leadership in implementing and managing the sponsor Project Management Framework (PMF).
- Providing assistance to sponsor leadership in tracking project status, timelines, and identifying key deliverables and the appropriate stakeholders.
- Providing guidance and assurance towards consistent implementation of PMF fundamentals towards sponsor offices subcomponents
- Analyzing and suggesting ways to continue to provide quality assessments given a changing technical landscape and availability of tools in the Cloud and other virtual-based computing environments.
- Providing ad hoc meeting facilitation and technical documentation/recording of actions.
- Assisting with office and organization-wide communications efforts, as needed.
The time spent performing programmatic support is estimated to be 60-65% and will require the contractor to work closely with senior leadership towards implementation. This task will be expected to coordinate closely with sponsor officer senior leadership and subcomponent leadership to ensure quality and consistency in PMF implementation and support.
- Independent Technical Reviews of information system submissions in the sponsor's system of record, to include:
- Recording recommended courses of action for senior leadership on each failed control. Each system coming through the system of record for authorization may have tens of failed controls which need adjudication.
- Reviewing in the system of record control submissions from project teams, their Information System Security Manager (ISSM), and the assessor(s)/quality assurance (QA) to recommend an appropriate course of action (e.g. Risk Acceptance (RA) or Plan of Actions and Milestones (POA&M))
- Examining the body of evidence (BOE) provided by the system owner, the specific recommendation from the ISSEM and the Assessor(s) views to form an independent opinion on whether or not each failed control should proceed to the Chief Information Security Officer (CISO) queue in the system of record with a recommendation for RA or POA&M.
The time spent performing technical reviews is estimated to be 30-35% and will require the contractor to view themselves as an independent expert recommending risk mitigation plans to senior leadership. This position is expected to require minimal external coordination and more time in the system of record recording independent judgement.
Qualifications:
- Must possess and be able to maintain a TS/SCI clearance with Polygraph.
- A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
- BS 10-12, MS 8-10, PhD 5-7
- Demonstrated experience with various cybersecurity related items to include Authorizations to Operate (ATOs), Authorization & Accreditations (A&As), and User Activity Monitoring (UAM).
- Demonstrated ability to apply critical thinking and use investigative mindset to comprehensively conduct technical reviews, evaluations, assessments of technical solutions.
- Exceptional written, presentation, and oral communications skills.
- Extensive knowledge and demonstrated experience in cloud-based computing environment supporting and administering cloud products & services.
- Firm understanding of how to leverage SecDevOps & Agile methodologies.
- Experience setting up, configuring, and troubleshooting network services, equipment, and devices such as switches, routers, servers, firewalls, etc.
- In-depth knowledge of cybersecurity, cloud computing (esp. AWS) and data/application security technologies.
- Have a record of securing various manufacturers' solutions such as Windows and Linux to an enterprise level.
- Solid understanding of role-based access control (RBAC), hardening of operating systems, and documentation.
- Demonstrated experience working and interacting with other engineering groups to define, document, analyze, perform, and interpret tests of products, systems, or components.
- The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.
- Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence.
- Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
- Knowledge of computing design concepts and implementation.
- Knowledge of network defense monitoring tools and systems.
Desired Qualifications:
- Experience securing legacy, hybrid, and cloud-based solutions.
- CISSP certification or similar cyber security training and certificates.
- Familiarity with sponsor tools, system of record for A&As, regulations.
- Ability to provide technical cyber security guidance.
- Ability to convey technical information to non-technical individuals.
- Ability to create complex system designs, resolving engineering problems, and propose preventative strategies.
- Ability to work in a dynamic and challenging environment.
EEO Statement:
EEO
Arcfield proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active-Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.