Cybersecurity System Integrity Engineering Support Senior F-16 W

Overview

At Credence, we support our clients' mission-critical needs, powered by technology. We provide cutting-edge solutions, including AI/ML, enterprise modernization, and advanced intelligence capabilities, to the largest defense and health federal organizations. Through partnership and trust, we increase mission success for warfighters and secure our nation for a better future.

We are privately held, are repeatedly recognized as a top place to work, and have been on the Inc. 5000 Fastest Growing Private Companies list for the last 12 years. We practice servant leadership and believe that by focusing on the success of our clients, team members, and partners, we all achieve greater success.

Credence has an immediate opening for a Cybersecurity System Integrity Engineering Support at the senior level who will be primarily responsible for supporting the Air Force Life Cycle Management Center WAM (AFLCMC/WAM) directorate, F-16 division at Hill AFB, UT.

F-16 "Viper" AFLCMC/WAM is headquartered at Hill Air Force Base with units located at Wright-Patterson Air Force Base, Tyndall Air Force Base, Eglin Air Force Base, and Davis-Monthan Air Force Base. The F-16 "Viper" is a multi-role fighter jet delivering air-to-air, air-to-ground, and surveillance capabilities for the United States Air Force (USAF) and Coalition Partners.

The F-16 program has the largest Foreign Military Sales (FMS) program in U.S. history producing over 4,500 jets for 24 countries. Each F-16 FMS case is uniquely tailored to country requirements / development / funding. Presently, FMS production orders exist through 2030. Additionally, the F-16 program includes the Multi-National Fighter Program (MNFP). MNFP is not a typical FMS program, but a unique, cooperative USAF and development program implemented through the FMS process under the framework of a Memorandum of Understanding (MOU). MNFP began in 1975 with the countries of Belgium, Denmark, the Netherlands, and Norway; Portugal joined in 200.

Responsibilities include, but are not limited to the duties listed below:

• Will support to assure compliance to the most current revision of the Cybersecurity directives applicable to PIT and non-PIT systems being supported to include DoD Risk Management Framework (RMF), DoD Instruction 8500.01, Intelligence Community Directive (ICD) 503, Unified Facilities Criteria (UFC) 4-010-06, NIST SP 800-53 Revision 5, directives/guidance identified in the Program Protection Plan (PPP) and/or DoD Instruction 5200.48.
• Will provide Cybersecurity and IA support to assigned systems to includes developing, modifying, reviewing or coordinating PIT determination packages, IAS, IAP, SSP, artifacts for program reviews and RFPs.
• Shall assist with the execution of the IA RMF to support A&A of assigned systems and will assist with evaluating the technical implementation of the security design to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, accountability, and non- repudiation have been implemented as documented in the DoD Instruction 8500.01, Intelligence Community Directive (ICD) 503, Unified Facilities Criteria (UFC) 4-010-06, NIST SP 800-53 Revision 5, and/ or DoD Instruction 5200.48.
• Shall assist to review required program office artifacts and make recommendations to support IA RMF analysis and recommendation to the program office.
• Shall assist in developing an A&A report and an A&A presentation for each required system to include IATT, IATO ATO, and Authority to Connect (ATC).
• Shall assist in managing, planning, documenting and conducting Independent Verification & Validation (IV&V) of security requirements for weapon systems.
• Shall assist with evaluating the technical implementation of the security design to ascertain that security software, hardware and firmware features affecting confidentiality, integrity, availability, accountability and non-repudiation have been implemented as documented in the DoD Instruction 8500.01, Intelligence Community Directive (ICD) 503, Unified Facilities Criteria (UFC) 4-010-06, NIST SP 800-53 Revision 5, and/ or DoD Instruction 5200.48 and that the features perform properly.
• Shall assist with document and report IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required.
• Will support IA site audits to verify architecture analysis, IA requirements and controls, verify mitigation actions, witness IA testing and evaluation, and to support final approval for IATT, IATO, and/or ATO/ATC.
• Shall assist to document and report IA site audit findings and recommendations to the Program Office.
• Shall assist to review and make recommendations to the Systems Engineering AT Certifying Officials regarding critical technologies requiring protection, PPP, AT plans, techniques, threats/vulnerabilities, risk and results.
• Will support monitoring and evaluating AT efforts for impacts to the program and provide recommendations to the PM.
• Shall assist with reviewing the program's Critical Program Information/ Critical Technology (CPI/CT) list.
• Shall support the program office SE Team and the AT DoD Executive Agent to produce new CPI/CT lists.
• Shall assist in ensuring that AT events are incorporated into the SEP and IMS and will support identifying and documenting the threat, vulnerability, attack scenarios, impacts if exploited and the exploitation timeline.
• Shall assist with identifying the software pedigree and quality assurance issues and document the results. Will support software security analysis to assess the vulnerabilities and risks and will assist to document and report results to the PM and the Certification Authority Representative.
• Shall assist with developing an approach for performing operational SWA sensitivity analysis and will assist with developing SWA test metrics for inputs to the TEMP.
• Will provide support to conduct risk assessments and will assist with performing hardware security analysis to assess the vulnerabilities and risks.
• Shall assist the Program Office with OSS&E and Communication, Navigation and Surveillance/ Air Traffic Management (CNS/ATM) airworthiness assessment for certification to ensure that DoD aircraft are safe and that they meet the requirements of the FAA in the U.S. and the International Civil Aviation Organization (ICAO).
• Shall submit deliverables in writing and update the deliverables in the technical source data, contained in the following master documentation:
• Architectural Analysis Report (AAR)
• Requirements Drawing Data Path Identification Data Type Identification System Security Plan (SSP)
• Security Control Traceability Matrix (SCTM) Risk Assessment Report (RAR)
• Hardware and Memory Architectural Analysis Report (HAMMAR) Cybersecurity Impact Evaluation Recommendation (CIER) Interim Authority to Operate/Test (IATT)
• Authority to Operate (ATO)
• Supply Chain Risk Management (SCRUM) Program Protection Plan (PPP)
• Anti-Tamper Plan (AT)
• Critical Program Information Identification (CPI) Residual CPI
• Criticality Analysis (CA)
• Counterintelligence Support Plan (CISP) Security Classification Guide (SCG) Cybersecurity Strategy (CSS)

• Shall assist to submit written reports, including, but not limited to, technical evaluation reports, white papers, and comment matrices on the above technical areas to the program office.
• Will support the development of PIT process and PIT guidance for the program office and shall assist in developing, reviewing, or assisting the U.S. Government and other supporting Contractors, to identify any "sensitive" media that should not be placed into the public domain (e.g., Classified, For Official Use Only (CUI)), as well as ensuring applicable Distribution Statement, Handling and Destruction Notice, Warning Statement (for technical information with space/military application under the ITAR or the Export Administration Regulations (EAR) for dual-use technologies), along with the expanded exemption statement are applied IAW AFI 61-204, and DoD 5400.7-R.
• Shall assist to properly mark, properly handle, secure, and dispose of any sensitive media in the Contractor's immediate control.
• Will advise or alert the U.S. Government, and other supporting Contractors of these requirements, for any sensitive media received which is not appropriately marked.
• Shall support all training (classroom and computer based) and keep accurate records of completed training.
• Will support cryptography analysis and assist in conducting Supply Chain Risk Management (SCRM).
• Shall assist in developing and documenting SCRM plans and implementation activities in appropriate acquisition and security documents, including, but not limited to, the acquisition strategy, SEP, PPP, and SSP.
• Shall assist to review and provide advisory assistance in evaluating cybersecurity system integrity engineering support which may include procedures associated with handling Critical Program Information (CPI) / Critical Components (CC) from unclassified material, up to and including Top Secret (TS), special access and Sensitive Compartmented Information (SCI).

Requirements

• Must have at least an active top-secret clearance.
• Master's or Doctoral Degree in a related field and a minimum of ten (10) years of experience in the respective technical / professional discipline being performed, at least five (5) of which must be in the DoD
• OR, Bachelor's Degree in a related field and a minimum of twelve (12) years of experience in the respective technical/professional discipline being performed, five (5) of which must be in the DoD
• OR, a minimum of fifteen (15) years of directly related experience with proper certifications as described in the PWS labor category performance requirements, eight (8) of which must be in the DoD.

• Specialized Experience: In addition to PWS Paragraph 3.1.1. and 3.3.1, recommend computer engineer, electrical engineer or computer science ABET accredited degrees or BS in information assurance or information systems. Recommend a minimum of ten years of systems engineering, systems security engineering, or IA experience. Required to possess and maintain a current Certified Information System Security Professional (CISSP) certification. Recommend expertise in state of a system where it is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments (systems integrity) and IA.

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development