DMS International is a consulting, information technology and training company headquartered in Silver Spring, Maryland. At DMS our quality policy is to be among the "best in class" providers of management and information technology consulting services in partnership with our customers. We hire professionals who take pride in doing quality work and who are committed to the customer.
DMS recruits candidates that possess and display the attributes that reflect the DMS Core Values of:
* Quality in delivering solutions,
* Integrity in conduct, and
* Responsiveness to our customer’s mission.
The Systems Engineering and Integration Contract II (SEIC II) Program has a requirement for an Information Systems Security Policy Engineer (ISSPE) to provide Cybersecurity engineering support to the Airspace Mission Planning Division, Hanscom AFB MA and its Operating Location at Eglin AFB, FL. The Information Systems Security Policy Engineer’s principal responsibility is successful Security Certification & Accreditation (C&A) of Mission Planning software applications, within planned cost and schedule. These Mission Planning software applications are in use today by Air Force and Navy aviation mission planners, and operate on various DoD networks, closed networks and stand-alone systems.
- Researching, developing, implementing, testing, and reviewing hardware/software information security requirements (IAW DoD/NIST Risk Management Framework) to protect information and prevent unauthorized access. In this role, the ISSPE will direct the contracting team on security measures, explain potential threats, implement security measures and monitor applications in order to meet or exceed all DoD/NIST RMF requirements, resulting in faster and more accurate software releases.
- Support the government program office’s Information Assurance team with Authorization to Operate (ATO) and Authority to Connect (ATC) certifications, required for software releases.
- Hardening of Operating Systems, applications, and network infrastructure using Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations, and Information Assurance Vulnerability Alerts (IAVA)
- Reviewing existing system-specific Security Controls Test Matrix (SCTM), Risk Assessment Report, Plan of Action and Milestones (POA&M), System Security Plans (SSP), Application Security and Development Checklists, and other artifacts supporting software certification and accreditation in accordance with RMF and JSIG to identify areas for Enterprise Cybersecurity & Cyber Resiliency opportunities for improvement.
- Working closely with the Chief Engineer to establish a system security engineering (SSE) process to plan, organize and manage efforts to achieve maximum system cybersecurity, cyber resiliency and survivability.
- Working with self-signed certificates and DoD PKI.
- Working with Windows OS, SELinux, puppet, iptables, and cryptographic modules.
- Contribute to Program Protection planning, Anti-tamper planning and identification of Critical Program Information (CPI).
Security Clearance: Must currently possess a SECRET clearance. Must be able to obtain a TOP SECRET clearance.
Education: Bachelor's degree in Computer Science, Information Security, Electrical Engineering or a related scientific/technical discipline and 8+ years of Security Engineering or related experience.
- DoD 8570 Level III Certification, e.g.: Certified Information Systems Security Professional (CISSP) designation.
- Understanding of DoD 8510, NIST 800.53 Risk Management Framework, and CNSSI 1253
- Ability to manage and provide cybersecurity products to multiple project teams executing concurrently, in accordance with each project’s schedule.
Education: Advanced degree preferred
- Experience in leading C&A processes in accordance with DoD policy, standards & guidelines.
- Technical knowledge of computer networking and computer security protocols, and prior hands-on implementation of network and software security controls.