Cybersecurity Senior, (SCAR)

Torch Technologies

Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned, Certified Great Place To Work and named Best Places to Work in Huntsville/Madison County, headquartered in Huntsville, AL. Our team provides superior research, development, and engineering services to the Federal Government and Department of War. As one of the nation's top 100 defense companies, the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: "Lighting the Pathway of Freedom". And, as a Certified Evergreen ESOP, we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us!

Torch Technologies is seeking a Cybersecurity Senior (SCAR) to join the Cyber Domain providing cyber support to Air Force users to empower the acquisition, operation, sustainment, and security of warfighting systems by ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. This position provides onsite support to AFLCMC/GBZ at Gunter Maxwell AFB in Montgomery, AL.

As a Cybersecurity Senior (SCAR) your duties include, but are not limited to:

• Ensure that system and application policies and procedures for the network are followed
• Review applications and systems plan, instructions, guidance, and standard operating procedures for the security of network systems operations
• Participating in the Information System Assessment Process (SAR)
• Assess security requirements for hardware, software, and services acquisitions specific to network environment/system cybersecurity programs
• Ensure that cybersecurity-enabled software, hardware, and firmware comply with appropriate network system security configuration guidelines, policies, and procedures
• Test and validation controls
• Use eMASS to review controls
• Review Plan of Actions and Milestones (POA&M) entries
• Ensure that cybersecurity inspections, tests and reviews are coordinated for the network system
• Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed
• Advise the AO, AODR, and application/system owner of any risks or vulnerabilities discovered
• Prepare Security Assessment Reports
• Provide risk assessments IAW NIST Special Publication 800-30 for authorization decisions and configuration changes.
• Participate in technical interchanges, security impact assessments and security assessment meetings with CDMs, ISSOs/lSSMs and AODR.
• Develop Security Assessment Report to document security vulnerabilities, mitigations, and overall risk determination.
• Validate eMASS controls or returns to submitter for re-testing.
• Perform automated and manual security testing; and,
• Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.

Required Qualifications:

• U.S. Citizenship
• Master's or Doctorate Degree in a related field and ten years of experience in the respective technical/professional discipline being performed, five years of which must be in the DoW OR
• Bachelor's degree in a related field and 12 years of experience in the respective technical/professional discipline being performed, five of which must be in the DoW OR
• 15 years of directly related experience with proper certifications, and eight of which must be in the DoW.
• 5+ years Information Technology (IT) Cybersecurity experience in RMF control implementation, testing, validation, and risk assessments.
• 3+ years of Information System Security Manager, Information System Security Engineering or Security Control Assessor Representative experience
• Experience using eMASS to review and assess artifacts and DISA STIG Viewer to review and analyze STIG results, ACAS scans, and SCAP scans.
• Knowledge and experience with NIST SP 800-53 for security control interpretation and validation of control implementation and inheritance model
• Knowledge with NIST SP 800-30 to determine likelihood of exploitation based on security vulnerabilities, mitigations, predisposing conditions, and compensating controls.
• Knowledge with AWS, Azure, Oracle OCI, or google cloud hosting environments and control inheritance models.
• Critical thinking and analysis skills to review Security Test Plan, System Security Plan, and Information Security Continuous Monitoring Plans to provide constructive feedback and corrective actions to Program Management Offices to define required RMF control testing and required artifacts.
• Ability to communicate effectively to lead meetings for security impact analysis, security control requirements and security assessment out-briefs with Program Management Offices and Authorizing Official Designated Representatives.
• Effective writing skills to develop clearly defined technical reports such as Security Assessment Reports and Information Security Continuous Monitoring Audit Reports.
• Hold and maintain a personnel certification associated with the DCWF Security Control Assessor work role (612) at an advanced (senior) proficiency level as outlined in DoWI 8510.01, AFMAN 17-1305 and AFI 17-101 for assigned systems/applications.
• Must hold CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSNA
• Must hold and maintain an active Secret security clearance.

Preferred Qualifications:

• Specific knowledge of applications, system, and network security, technologies, processes, and practices designed for prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation.
• The scope is not limited to information security; it includes the entire field of Cyber Security (availability, identification and authentication, confidentiality, integrity, and non-repudiation) to include Cyber Security techniques, processes, and industry trends.
• It also includes Information Operations (IO) (e.g. operational security of Information Technology (IT), the use of the electromagnetic spectrum for IT purposes and computer network operations).

Schedule: (M-F; 8-5)

Work Location: Onsite at Gunter Maxwell, AL

Travel: No

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No

#LI-EW1

Benefits:

Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays.

Applying to Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, citizenship, ancestry, marital status, protected veteran status, disability status or any other status protected by federal, state, or local law. Torch Technologies, Inc. participates in E-Verify.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Careers Link as a result of your disability. You can request reasonable accommodations by sending an email to HR@torchtechnologies.com. Thank you for your interest in Torch Technologies.