Description
ISSE Lead IT security representative within the CCAD Information Technology Directorate. Track and manage IT security programs and FISMA compliance to include performing risk analysis for all IT systems within CCAD in accordance with the Army DoD and NIST security programs. Supervise programs and personnel. Accountable for a team of Cyber Security (CS) professionals who provide security services directly to the United States Army Aviation and Missile Command (AMCOM) CISO and the Army Materiel Command (AMC) CIO. Assign tasks, provide training, develop performance standards, evaluate performance and influence authoritative decisions regarding personnel action as necessary. Manage multiple system and information security initiatives based on the Confidentiality, Integrity and Availability of those systems using the DHS security policies (4300A, B, C) and Federal guidelines (NIST SP800-37, NIST SP800-53/53A, NIST SP800-30, NIST SP800-60, NIST SP800-137, CNSSI 1253, ICD-518, ICS-507 etc. Additional capabilities include identifying the nuanced implications in the design of new initiatives. Manage scope, cost and schedule of assigned projects associated with the design, development, and deployment of various cybersecurity capabilities and services. Maintain communication with the component CISO and CIO as in an effort to ensure risks are understood, appropriate mitigation has been implemented and recommend under certification and accreditation vehicle Risk Management Framework (RMF) to achieve an Authority to Operate (ATO) for unclassified and classified enterprise networks. Support and manage Information Technology (IT) projects to ensure the developed solution meets customer requirements without sacrificing security disciplines. Identify IT security and Information Security (INFOSEC) program implications of new technologies or upgrades to new technologies do not compromise integrity but still meet the needs of the customer through the use of Plan of Action & Milestones (POA&M's). Develop, document and review the requirements, capabilities and constraints of a system design to include procedures and processes. Develop recommendations to resolve shortfalls in current system security features and practices. Perform security analysis on system designs, identify constraints, trade-offs, compensating mitigation and identify where lifecycle support requirements should be implemented. Develop solutions to integration/interoperability issues in IT programs and services. Coordinate and direct personnel to support mission initiatives and develop methods of aligning security with the mission. Participate in discussions and negotiations with subject matter experts or officials to resolve differences of opinion on proposed information technology system improvements or plans. Establish baseline security requirements from System Development through Life Cycle (SDLC). This includes determining appropriate products or services with program personnel/customers to define project scope, requirements, and deliverables in support of the cybersecurity programs. Also modify and/or provide input to cybersecurity project plans, identify project documentation requirements, align procedures to security and ensure FISMA compliance through the Security Requirements Traceability Matrix (SRTM), the development of Standard Operating Procedures (SOP) and define the scope and level of detail for cybersecurity plans and policy development. Security representative for a number of Command security policy and compliance committees to include the Enterprise Continuous Monitoring Working Group (CDWG), Committee on National Security Systems (CNSS), Computer and Network Support Services for Instructions (CNSSI) as well as local command working groups, that include Insider Threat, Incident Response and Change Management Board to develop policies that support both local and enterprise operations to ensure DoD compliance. Ensured FISMA compliance with DHS 4300 policy, NIST SP800-37, SP800-53, and SP800-47 guidance for seven enclaves comprised of both General Support Systems (GSS) as well as Major Applications (MA) with classification levels ranging from Sensitive but Unclassified (SBU) to Secret. Analyze security weaknesses and findings, identify compliance failures and recommend remediation, acceptance of risk and compliance requirements within a Plan of Action and Milestone (POA&M). Assessing risk and vulnerabilities to a cyber security program also means developing appropriate responses to mitigate risk. Developed the Security Incident Response Plan and advised on containment and remediation activities as well as after action report and personnel action. Consider interrelationships between network specialties, architecture, emerging technologies, and cybersecurity concepts to develop integrated systems meet current in future security requirements. Research and evaluate technologies that meet functional requirements but do not interrupt operational security. This requires the development of strategic execution plans within the design, development phase to ensure integration activities align to the system lifecycle requirements. This also requires managing resource allocation, and establishing and evaluating initiatives to achieve an effective execution plan. Brief senior military and civilian leadership on various security related programs and initiatives providing insight and recommendations to improve the overall security and functionality of existing systems. and Program support lead Provide in-depth Engineering Testing and Information Assurance knowledge and support to United States Air force Training Squadron. Managing the integration of weapons systems real-time and simulation networks for test and evaluations telemetry (data acquisition) systems post test applications decision support systems command and control and mission planning systems software development testing. Established and maintain Certification and Accreditation (C&A) on all A-CAT 1 systems within the organization. Monitoring and ensuring compliance with current Information Assurance policies concepts and measures when designing procuring adopting and developing new information systems. Defining and implementing security requirements such as those resulting from laws regulations or DoD directives. Address and leverage security engineering processes when new information systems are under development being procured or delivered for operation. Identifying need for changes based on new security technologies or threats. Developing and incorporating security requirements during system development anticipating identifying evaluating mitigating and minimizing risks associated with IT systems vulnerabilities. Review proposed new information systems networks and software designs for interoperability with other systems. Adapt the eight (8) FISMA requirements into the system life cycle support. Identify security categorization from a system base-line using the NIST guidance to include FIPS-199 FIPS-200 SP800-18 SP800-34 SP900-37 SP800-60 SP800-53 53A SP800-115. As the senior Information Systems Security Engineer additional responsibilities include: * Providing expert technical advice guidance and recommendations to management on significant information security policies programs and procedures as well as review and interpret guidelines regulations directives policies and other regulatory guidance governing IT program operations to determine the intent of the guidelines and impact on agency procedures. * Develop systems security contingency plans disaster recovery procedures and network systems design programs. * Developed and managed the modernization of both unclassified and classified networks and cyber security project plans for the Air Force Combat Information Transport System (CITS) and Weather Programs * Conducted risk and vulnerability assessments to evaluate IT security programs procedures methods tools and technologies to ensure an effective and compliant IT security program. Identify existing and potential problem areas/issues affecting the update and establishment of new security requirements and procedures. * Provide advisory services to management and decision-makers regarding implementation of IT security procedures and measures as well as analyze current IT security programs and operations in order to make recommendations for modifications or enhancements to procedures tools and technologies and Develop long-range plans for IT security systems that anticipate identify evaluate and minimize risks associated with IT system vulnerabilities. * Assess and apply new IT security developments and identify the needs for security changes based on new developing and potential IT security technologies and risks or threats. Responsibilities include identifying the protection level and security requirements for an information system and approaches to meet those requirements. * Recommend IT security practices based on system security baseline identified from the Federal and DoD security sources (DoD Directives US-CERT NIST DISA STIG's SSR's and IAVA's) and ensure compliance based on a POA&M. Document requirements manage initiatives and provide solutions to maintain a robust secure network environment. * Identify the requirements for changes based on new security technologies or threats. Also review proposed new systems networks and software designs for potential security risks and knowledge of principles and methods for the acquisition and delivery of a certifiable information system based on DoD and Airforce requirements and enterprise architecture standards. * Define the scope of security requirements for an information system and approve and/or enable security engineering processes for sensitive to classified information (SCI) systems under development being procured or delivered for operation. * Test and/or evaluate information systems prior to operation to verify interoperability with existing systems develop procedures to ensure certification and/or accreditation of new systems is completed prior to operation and perform risk assessments on the information systems under development and throughout the acquisition development portion of the life cycle and the continuous monitoring efforts set forth through Airforce directive mission requirements.
Accomplishments
Highlights:
Keywords
