Overview:

Credence is one of the largest and fastest growing privately-held government technology and services companies and is repeatedly acclaimed as a Top Workplace. As evidenced by our awards and certifications and maturity levels, as well as the agility and responsiveness, to tackle our customers’ most challenging mission needs. We also offer comprehensive benefits including health insurance with dental and vision coverage, retirement savings plans with employer matching, paid time off, and opportunities for professional development and growth. Additionally, employees enjoy wellness programs, flexible work arrangements, and various discounts and perks to support their overall well-being and work-life balance.

We are actively seeking an Aircraft Systems Cybersecurity Specialist who will be primarily responsible for supporting Air Force Life Cycle Management Center AFLCMC/EN Wright-Patterson AFB, OH. 

The Engineering Directorate (AFLCMC/EN-EZ) has the collective AFMC mission responsibility for preeminent engineering expertise to acquire and support war-winning capabilities. In order to meet current and projected workload requirements in support of AFLCMC/EN-EZ, the Government must augment its organic (military and civil service) capabilities with Advisory and Assistance Services (A&AS) support. 

AFLCMC/EN-EZ is headquartered at Wright-Patterson Air Force Base (WPAFB) OH with major units located at Eglin Air Force Base (AFB) FL, and Hanscom AFB, (HAFB) MA, as well as additional locations across the United States (US). The Engineering Directorate is currently organized into the following divisions. 

Responsibilities include, but are not limited to the duties listed below:

Provide PIT A&A support to assigned systems during the acquisition life cycle.  The support includes developing, modifying, reviewing or coordinating PIT determination packages, Information Assurance Strategy (IAS) packages, Information Assurance Plans (IAP), System Security Plans (SSP), and artifacts for program reviews and Requests for Proposal (RFP).

Execute the cybersecurity Risk Management Framework (RMF) to support A&A of assigned systems. The Contractor shall evaluate the technical implementation of the security design to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, accuntability, and non-repudiation have been implemented as documented in the Director of Central Intelligence Directive (DCID) 6/3, Joint Air Force-Army-Navy (JAFAN) 6/3, National Institute of Standards and Technology (NIST) 800-53, and/or DoDI 8500.01. 

Review required program office artifacts and approval packages and make recommendations to support cybersecurity RMF analysis and recommendation to the Security Control Assessor (SCA). In order to support approval decisions, the Contractor shall assist the Government in development of a A&A report and a A&A presentation for each required system (PIT A&A approvals consist of the IATT and ATO).

Staff each approval package through the requesting organization and the Engineering Directorate prior to submission and briefing to the AO. 

Perform cybersecurity site audits to verify the architecture analysis, cybersecurity requirements and controls, verify mitigation actions, witness cybersecurity testing and evaluation, and to support final approval for IATT and/or ATO.

Document and report cybersecurity site audit findings and recommendations. 

Manage, plan, document and conduct Independent Verification and Validation (IV&V) of Information Assurance (IA) requirements for aircraft systems.  IV&V support includes but is not limited to: 

Review of program documentation (e.g. concept, requirements, design, manuals, reports, source code, deficiency/change reports and program schedules) to ensure that security requirements are adequately addressed and implemented; 

Witness of functional testing and conduct of additional security testing where necessary to verify the implementation of security requirements; 

Documentation and reporting of IV&V test plans, results, anomaly reports, recommendations, activity reports and other special reports as required; 

Conduct and documentation of risk assessments as part of validation activities that include risk descriptions, risk mitigation options, and recommendations; 

Performance of product security assessments of the software applications used to evaluate security requirements (the assessment is needed to provide a satisfactory level of assurance that the security functions of the applications function as expected); 

Assistance in translating DoD user requirements into system security requirements which will be used by the weapon system contractor to design, develop, fabricate, test, and evaluate systems, subsystems, and equipment for deployment;

Evaluation of security design technical implementation to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, and accountability have been implemented as documented in the JAFAN 6/3 and DoD RMF and that the features perform properly. 

Support the PIT Working Group in the development of PIT process and PIT guidance and provide adequate PIT policy support to assist in developing new requirements for cybersecurity and A&A policy to improve program support. The Contractor shall develop and modify cybersecurity, AT, and SCRM course materials for AFLCMC/EZAS learning courses. 

Education, Requirements and Qualifications:

Clearance: Secret or ability to obtain a Secret

B/A B/S and three (3) years of relevant experience or

Seven (7) years of relevant experience; five (5) of which must be in DoD

Knowledge and experience with system security engineering to include Supply Chain Risk Management (SCRM), hardware and software assurance, program protection planning, risk-based analysis and running Security Technical Implementation Guides (STIG)