Yesterday
Top Secret/SCI
Early Career (2+ yrs experience)
$150,000 and above
25%
IT - Security
Honolulu, HI (On-Site/Office)
Overview
This position works directly for the PACAF Defensive Cyber Operations and Mission Assurance Branch but works with various PACAF AOR personnel to execute the following duties and responsibilities. The position shall provide expert support, analysis and research into exceptionally complex problems, and processes relating to PACAF Theater Vulnerability Management.
**This position is pending contract award. It will involve travel to various OCONUS sites**
Responsibilities
Analyzes PACAF AOR cyber security posture reports.
Provides PACAF cyber units expertise and fix action guidance.
Interfaces with base cyber units and provides PACAF leadership a depiction of PACAF Wings ability to:
Scan Assured Compliance Assessment Solution (ACAS)
Mitigate (via MS System Center Configuration Management (SCCM)/MS Endpoint Configuration Manager (MECM))
Maintain Host Based point products mandated by the DoD (End Point Security formerly known as HBSS)
Maintains proficiency on current and future End Point Security assessment tools.
Assists PACAF cyber field support team with Vulnerability Management (VM).
Provide and/or coordinate vulnerability mentor training (virtual or on-site) to PACAF bases as requested.
Creates and maintains cyber security/VM management training documentation.
Interfaces with cyber security technicians/ISSMs to maintain up-to-date reporting to keep PACAF compliant.
Maintains command wide SCCM & MECM health status.
Coordinate with Vulnerability Management teams upon scan result analysis:
Identify patching issues/troubleshooting way ahead
Produce report to chain of command informing of patching status
Analyzes & produces command wide NIPRNet & SIPRNet weighted vulnerability indicator scores.
Produces & disseminates cyber security/vulnerability reports to PACAF staff containing current MAJCOM security posture.
Utilizes CORA reports from the DISA J3 website on SIPRNet to advise PACAF Cybersecurity staff of findings and level of risk.
Assists with cyber operations briefs by preparing and briefing command-wide statuses to the PACAF Director of Air and Cyberspace Operations.
Creates and conducts PACAF compliance update briefs on command wide cyber security status and assist with troubleshooting cyber security short falls.
Assists with creating TASKORDs to raise PACAF cyber security posture.
Tracks status of VM POAMs until completion and reports at risk POAMs to PACAF leadership.
Augments CRR-M team as required.
Maintain Internet Protocol (IP) space and asset lists to cover 100% base assets.
Maintain MAJCOM ACAS Account with auditing role in order to analyze and produce vulnerability metrics
Maintain SIPRNet PROD Account in order to provide command wide SCCM/MECM patching analysis on SIPRNet
Maintain ELICSAR Account for situational awareness of cybersecurity toolsets used in PACAF
Maintain AFNET Compliance Tracker Account in order to maintain situational awareness of CTOs, MTOs, TCNOs pertaining to vulnerability management
Provides Government Representative:
Contract Personnel Roster
Updates to contractor availability
Contract Invoices & Funding Expenses
Monthly Status Report (MSR)
Contractor’s Non-Disclosure Agreements (NDA)
Kick-Off Brief & Close-Out Brief
Transition Brief
Assistance with processing contractors travel requirements
Track contract:
Labor/Events/Workload/Travel schedule & expenses
Metrics of Program for Yearly Closeout
Provides Cybersecurity SME contractors assistance with:
Common Access Card (CAC) ID processing and renewals
Building Badge processing and renewals
DD254
TS/SCI processing and renewals
Synchronized Pre-deployment and Operational Tracker (SPOT) processing
Financial preparation
Letters of Identification
Travel Estimates/Schedule
Ensure all contractors follow all applicable commercial, and government/military standards which include, but are not limited to the following:
Department of Defense Instruction 8500.01, Cybersecurity
Department of Defense Instruction 8510.01, RMF for DoD Systems
Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems
National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
National Institute of Standards and Technology Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans
National Institute of Standards and Technology Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
National Institute of Standards and Technology Special Publication 800-30, Guide for Conducting Risk Assessments
All applicable DISA STIGs and Security Review Guides (SRGs)
Air Force Instruction (AFI), 17-130 Cyber Security Program Management
AFI 17-101, RMF for Air Force Information Technology (IT)
AFI 17-110, Information Technology Portfolio Management and Capital Planning and Investment Control
Where existing commercial or military standards allow for options or are undefined, the Contractor shall make written recommendations to the Government. Upon acceptance of the recommendation by the Government, it will be incorporated as a PACAF standard for implementation.
Qualifications
General Position Requirements
TS/SCI security clearance
DoD 8140, the DoD Cyber Workforce Manual
Anyone (1) of the following:
Advanced - CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSN or
DoD 8570.1-M certified at IAT Level 3 - Anyone (1) of the following:
CASP+ CE
CISA
CISSP (or Associate)
CCSP
Have 2-3 years of experience and the skills required to execute Federal, National, DoD, USAF CIO, and US State Department Requirements to be able to assess cyber risk, identify mission sets, and defend the mission.
Have 2-3 years of experience of applying, assessing, and advising MAJCOM staff and Wings on cybersecurity requirements.
Understand the AF Cyber architecture and PACAF MOBs and GSUs roles.
Ability to travel to PACAF MOBs and GSUs to conduct duties and responsibilities at a maximum up to 40% of the time.
Proficiency in Microsoft Office Suite products and SharePoint collaborative tools.
Training highly preferred prior to starting; however, must have the ability to obtain within 3 days of starting and maintain certificates of completion for the following training:
Level 1 Anti-Terrorist Training - within the past year
Level A Survival, Evasion, Resistance, and Escape (SERE) Training - within the past 1-2 years
USFK Training - no time requirement (only required to be taken once)
DoD Cyber Awareness Challenge - within the past year
Operations Security (OPSEC) Awareness - within the past year
Derivative Classification IF103.16 - within the past year
Force Protection - within the past year
COR will provide update website addresses to the above that may change.
Theater Vulnerability Analyst Requirements
Have 3-4 years of experience conducting Network Vulnerability Engineering functions.
Expertise in the following DoD, AF, DISA, NIST, NIAP and PACAF processes:
3-4 years of experience of DoD approved Scanning Tools (e.g., ACAS)
3-4 years of experience of Microsoft SCCM & MECM
Familiarization of End Point Security Point Product requirements
Ability to analyze and develop cyber vulnerability information into an understandable presentation.
Proficiency in Microsoft Office Suite products and SharePoint collaborative tools to build trend analysis.
In-depth experience with DISA STIGs and by-product analysis.
Knowledge, Skills and Abilities
Ability to maintain view rights to SIPRNet and NIPRNet vulnerability tools to analyze and compile data for leadership.
In-depth understanding of current vulnerability management practices and processes, including scanning, patching, and metric reporting, with the ability to stay updated on evolving tools, techniques, and industry standards.
Knowledge and understanding of USAF Methods and Procedures Technical Order (MPTO) 00-33-1109A, USCYBERCOM Computer Network Defense (CND), Common Vulnerabilities and Exposures (CVE), Directives, Task Orders (TASKORDs), Operational Orders (OPORDs), and Information Assurance Vulnerability Management (IAVM) programs and a like.
Understanding of Host Base Security System (HBSS), Trelix, and Microsoft Defender for Endpoint (MDE):
How to produce asset lists to identify devices capable of hosting an ESS agent.
How to produce asset lists to identify devices not capable of hosting an ESS agent (whitelists).
How to analyze client health status and courses of action to resolve discrepancies.
Experience conducting discovery scans to identify unknown base assets.
Experience dissecting complex data sets, identify patterns, and draw actionable conclusions to assess vulnerabilities and recommend mitigation strategies.
Experience maintaining scanning credentials to achieve 98% access rate on base assets to include Program Management Office (PMO) systems IAW ACAS BPG.
Experience conducting vulnerability scanning via ACAS/Tenable.sc on 100% of assets during assigned scan schedule.
Ability to develop innovative solutions to mitigate identified vulnerabilities, balancing resource constraints and operational needs.
Experience with email, and other collaboration platforms to include but not limited to MS Teams group chats, MS SharePoint site, and VoIP/VTC endpoints.
Proficiency with the latest Microsoft tool suite (i.e., PowerPoint, Excel, Word, etc.).
Ability to lead collaboration efforts effectively across the PACAF AOR.
Ability to brief technical information to both technical and non-technical audiences.
Experience briefing senior leaders and large audiences.
Excellent Communication skills (Written and Verbal)
Ability to Lead
An understanding of the organizational and functional layout of Pacific Air Forces (PACAF) command structure within its Area of Responsibility (AOR) to include Combatant Commands, Wings, Groups, Squadrons, tenant units, GSUs and MOBs.
Proficiency time management
Proficiency in critical analysis, decision making and problem-solving.
Comprehensive understanding of DOD cybersecurity frameworks and policies for identifying, analyzing, and prioritizing potential threats and impact to theater and mission operations, and intel-based response recommendations (i.e. MITRE Att&ck Framework, Cyber Threat Bulletins (CTBs) NIST CSF, CJCSI 3020.45B & OPORD 8600.24, TASKORD 17-0106.)
Pay Range
USD $170,000.00 - USD $190,000.00 /Yr.
This position works directly for the PACAF Defensive Cyber Operations and Mission Assurance Branch but works with various PACAF AOR personnel to execute the following duties and responsibilities. The position shall provide expert support, analysis and research into exceptionally complex problems, and processes relating to PACAF Theater Vulnerability Management.
**This position is pending contract award. It will involve travel to various OCONUS sites**
Responsibilities
Analyzes PACAF AOR cyber security posture reports.
Provides PACAF cyber units expertise and fix action guidance.
Interfaces with base cyber units and provides PACAF leadership a depiction of PACAF Wings ability to:
Scan Assured Compliance Assessment Solution (ACAS)
Mitigate (via MS System Center Configuration Management (SCCM)/MS Endpoint Configuration Manager (MECM))
Maintain Host Based point products mandated by the DoD (End Point Security formerly known as HBSS)
Maintains proficiency on current and future End Point Security assessment tools.
Assists PACAF cyber field support team with Vulnerability Management (VM).
Provide and/or coordinate vulnerability mentor training (virtual or on-site) to PACAF bases as requested.
Creates and maintains cyber security/VM management training documentation.
Interfaces with cyber security technicians/ISSMs to maintain up-to-date reporting to keep PACAF compliant.
Maintains command wide SCCM & MECM health status.
Coordinate with Vulnerability Management teams upon scan result analysis:
Identify patching issues/troubleshooting way ahead
Produce report to chain of command informing of patching status
Analyzes & produces command wide NIPRNet & SIPRNet weighted vulnerability indicator scores.
Produces & disseminates cyber security/vulnerability reports to PACAF staff containing current MAJCOM security posture.
Utilizes CORA reports from the DISA J3 website on SIPRNet to advise PACAF Cybersecurity staff of findings and level of risk.
Assists with cyber operations briefs by preparing and briefing command-wide statuses to the PACAF Director of Air and Cyberspace Operations.
Creates and conducts PACAF compliance update briefs on command wide cyber security status and assist with troubleshooting cyber security short falls.
Assists with creating TASKORDs to raise PACAF cyber security posture.
Tracks status of VM POAMs until completion and reports at risk POAMs to PACAF leadership.
Augments CRR-M team as required.
Maintain Internet Protocol (IP) space and asset lists to cover 100% base assets.
Maintain MAJCOM ACAS Account with auditing role in order to analyze and produce vulnerability metrics
Maintain SIPRNet PROD Account in order to provide command wide SCCM/MECM patching analysis on SIPRNet
Maintain ELICSAR Account for situational awareness of cybersecurity toolsets used in PACAF
Maintain AFNET Compliance Tracker Account in order to maintain situational awareness of CTOs, MTOs, TCNOs pertaining to vulnerability management
Provides Government Representative:
Contract Personnel Roster
Updates to contractor availability
Contract Invoices & Funding Expenses
Monthly Status Report (MSR)
Contractor’s Non-Disclosure Agreements (NDA)
Kick-Off Brief & Close-Out Brief
Transition Brief
Assistance with processing contractors travel requirements
Track contract:
Labor/Events/Workload/Travel schedule & expenses
Metrics of Program for Yearly Closeout
Provides Cybersecurity SME contractors assistance with:
Common Access Card (CAC) ID processing and renewals
Building Badge processing and renewals
DD254
TS/SCI processing and renewals
Synchronized Pre-deployment and Operational Tracker (SPOT) processing
Financial preparation
Letters of Identification
Travel Estimates/Schedule
Ensure all contractors follow all applicable commercial, and government/military standards which include, but are not limited to the following:
Department of Defense Instruction 8500.01, Cybersecurity
Department of Defense Instruction 8510.01, RMF for DoD Systems
Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems
National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
National Institute of Standards and Technology Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans
National Institute of Standards and Technology Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
National Institute of Standards and Technology Special Publication 800-30, Guide for Conducting Risk Assessments
All applicable DISA STIGs and Security Review Guides (SRGs)
Air Force Instruction (AFI), 17-130 Cyber Security Program Management
AFI 17-101, RMF for Air Force Information Technology (IT)
AFI 17-110, Information Technology Portfolio Management and Capital Planning and Investment Control
Where existing commercial or military standards allow for options or are undefined, the Contractor shall make written recommendations to the Government. Upon acceptance of the recommendation by the Government, it will be incorporated as a PACAF standard for implementation.
Qualifications
General Position Requirements
TS/SCI security clearance
DoD 8140, the DoD Cyber Workforce Manual
Anyone (1) of the following:
Advanced - CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSN or
DoD 8570.1-M certified at IAT Level 3 - Anyone (1) of the following:
CASP+ CE
CISA
CISSP (or Associate)
CCSP
Have 2-3 years of experience and the skills required to execute Federal, National, DoD, USAF CIO, and US State Department Requirements to be able to assess cyber risk, identify mission sets, and defend the mission.
Have 2-3 years of experience of applying, assessing, and advising MAJCOM staff and Wings on cybersecurity requirements.
Understand the AF Cyber architecture and PACAF MOBs and GSUs roles.
Ability to travel to PACAF MOBs and GSUs to conduct duties and responsibilities at a maximum up to 40% of the time.
Proficiency in Microsoft Office Suite products and SharePoint collaborative tools.
Training highly preferred prior to starting; however, must have the ability to obtain within 3 days of starting and maintain certificates of completion for the following training:
Level 1 Anti-Terrorist Training - within the past year
Level A Survival, Evasion, Resistance, and Escape (SERE) Training - within the past 1-2 years
USFK Training - no time requirement (only required to be taken once)
DoD Cyber Awareness Challenge - within the past year
Operations Security (OPSEC) Awareness - within the past year
Derivative Classification IF103.16 - within the past year
Force Protection - within the past year
COR will provide update website addresses to the above that may change.
Theater Vulnerability Analyst Requirements
Have 3-4 years of experience conducting Network Vulnerability Engineering functions.
Expertise in the following DoD, AF, DISA, NIST, NIAP and PACAF processes:
3-4 years of experience of DoD approved Scanning Tools (e.g., ACAS)
3-4 years of experience of Microsoft SCCM & MECM
Familiarization of End Point Security Point Product requirements
Ability to analyze and develop cyber vulnerability information into an understandable presentation.
Proficiency in Microsoft Office Suite products and SharePoint collaborative tools to build trend analysis.
In-depth experience with DISA STIGs and by-product analysis.
Knowledge, Skills and Abilities
Ability to maintain view rights to SIPRNet and NIPRNet vulnerability tools to analyze and compile data for leadership.
In-depth understanding of current vulnerability management practices and processes, including scanning, patching, and metric reporting, with the ability to stay updated on evolving tools, techniques, and industry standards.
Knowledge and understanding of USAF Methods and Procedures Technical Order (MPTO) 00-33-1109A, USCYBERCOM Computer Network Defense (CND), Common Vulnerabilities and Exposures (CVE), Directives, Task Orders (TASKORDs), Operational Orders (OPORDs), and Information Assurance Vulnerability Management (IAVM) programs and a like.
Understanding of Host Base Security System (HBSS), Trelix, and Microsoft Defender for Endpoint (MDE):
How to produce asset lists to identify devices capable of hosting an ESS agent.
How to produce asset lists to identify devices not capable of hosting an ESS agent (whitelists).
How to analyze client health status and courses of action to resolve discrepancies.
Experience conducting discovery scans to identify unknown base assets.
Experience dissecting complex data sets, identify patterns, and draw actionable conclusions to assess vulnerabilities and recommend mitigation strategies.
Experience maintaining scanning credentials to achieve 98% access rate on base assets to include Program Management Office (PMO) systems IAW ACAS BPG.
Experience conducting vulnerability scanning via ACAS/Tenable.sc on 100% of assets during assigned scan schedule.
Ability to develop innovative solutions to mitigate identified vulnerabilities, balancing resource constraints and operational needs.
Experience with email, and other collaboration platforms to include but not limited to MS Teams group chats, MS SharePoint site, and VoIP/VTC endpoints.
Proficiency with the latest Microsoft tool suite (i.e., PowerPoint, Excel, Word, etc.).
Ability to lead collaboration efforts effectively across the PACAF AOR.
Ability to brief technical information to both technical and non-technical audiences.
Experience briefing senior leaders and large audiences.
Excellent Communication skills (Written and Verbal)
Ability to Lead
An understanding of the organizational and functional layout of Pacific Air Forces (PACAF) command structure within its Area of Responsibility (AOR) to include Combatant Commands, Wings, Groups, Squadrons, tenant units, GSUs and MOBs.
Proficiency time management
Proficiency in critical analysis, decision making and problem-solving.
Comprehensive understanding of DOD cybersecurity frameworks and policies for identifying, analyzing, and prioritizing potential threats and impact to theater and mission operations, and intel-based response recommendations (i.e. MITRE Att&ck Framework, Cyber Threat Bulletins (CTBs) NIST CSF, CJCSI 3020.45B & OPORD 8600.24, TASKORD 17-0106.)
Pay Range
USD $170,000.00 - USD $190,000.00 /Yr.
group id: 91126217
