Cybersecurity Senior (SCAR)
About the role
Torch Technologies

Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned, Certified Great Place To Work and named Best Places to Work in Huntsville/Madison County, headquartered in Huntsville, AL. Our team provides superior research, development, and engineering services to the Federal Government and Department of War. As one of the nation's top 100 defense companies, the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: "Lighting the Pathway of Freedom". And, as a Certified Evergreen ESOP, we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us!

Torch Technologies is seeking a Cybersecurity Senior (SCAR) to join the Cyber Domain providing cyber support to Air Force users to empower the acquisition, operation, sustainment, and security of warfighting systems by ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. This position provides onsite support to AFLCMC/GBZ at Gunter Maxwell AFB in Montgomery, AL.
As a Cybersecurity Senior (SCAR), your duties include, but are not limited to:

- Ensure that system and application policies and procedures for the network are followed
- Review applications and systems plan, instructions, guidance, and standard operating procedures for the security of network systems operations
- Participating in the Information System Assessment Process (SAR)
- Assess security requirements for hardware, software, and services acquisitions specific to network environment/system cybersecurity programs
- Ensure that cybersecurity-enabled software, hardware, and firmware comply with appropriate network system security configuration guidelines, policies, and procedures
- Test and validation controls
- Use eMASS to review controls
- Review Plan of Actions and Milestones (POA&M) entries
- Ensure that cybersecurity inspections, tests and reviews are coordinated for the network system
- Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed
- Advise the AO, AODR, and application/system owner of any risks or vulnerabilities discovered
- Prepare Security Assessment Reports
- Provide risk assessments IAW NIST Special Publication 800-30 for authorization decisions and configuration changes
- Participate in technical interchanges, security impact assessments and security assessment meetings with CDMs, ISSOs/ISSMs and AODR
- Develop Security Assessment Report to document security vulnerabilities, mitigations, and overall risk determination
- Validate eMASS controls or return to submitter for re-testing
- Perform automated and manual security testing
- Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases

Required Qualifications:

- U.S. Citizenship
- Master's or Doctorate Degree in a related field and ten years of experience in the respective technical/professional discipline being performed, five years of which must be in the DoW OR Bachelor's degree in a related field and 12 years of experience in the respective technical/professional discipline being performed, five of which must be in the DoW OR 15 years of directly related experience with proper certifications, and eight of which must be in the DoW
- 5+ years Information Technology (IT) Cybersecurity experience in RMF control implementation, testing, validation, and risk assessments
- 3+ years of Information System Security Manager, Information System Security Engineering or Security Control Assessor Representative experience
- Experience using eMASS to review and assess artifacts and DISA STIG Viewer to review and analyze STIG results, ACAS scans, and SCAP scans
- Knowledge and experience with NIST SP 800-53 for security control interpretation and validation of control implementation and inheritance model
- Knowledge with NIST SP 800-30 to determine likelihood of exploitation based on security vulnerabilities, mitigations, predisposing conditions, and compensating controls
- Knowledge with AWS, Azure, Oracle OCI, or Google Cloud hosting environments and control inheritance models
- Critical thinking and analysis skills to review Security Test Plan, System Security Plan, and Information Security Continuous Monitoring Plans to provide constructive feedback and corrective actions to Program Management Offices to define required RMF control testing and required artifacts
- Ability to communicate effectively to lead meetings for security impact analysis, security control requirements and security assessment out-briefs with Program Management Offices and Authorizing Official Designated Representatives
- Effect