ASRC Federal Netcentric Technologies, LLC is seeking an Industrial Control System (ICS) Cybersecurity Engineer to support ongoing activities on the Kirtland AFB Engineering Operations Services (KEOS) contract in Albuquerque, New Mexico.  KEOS is a base maintenance/operations support-type contract, also known as BMC or BOS.

Job Summary:

Technical lead for the design, installation, commissioning, and maintenance of control systems upgrades, new installations, and modifications in a variety of industrial process settings.  Serves as Information System Security Officer (ISSO) in support of KAFB’s owned and operated control systems, ensuring the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of cybersecurity programs, policies, procedures, and tools.

 

Duties and Responsibilities:

Support the implementation and maintenance of cyber security requirements within the control networks. Provide technical guidance and direction for the standardization of control systems and operational technology network architecture throughout the enterprise. Performs the specification of and assists in the procurement of control systems, instrumentation, and supporting equipment. Provide RMF support required to obtain and maintain Authority to Operate (ATO) approvals for multiple networks. Create and maintain documentation and artifacts in Enterprise Mission Assurance Support Services (eMASS) in support of Risk Management Framework (RMF) activities. Perform software assurance and risk assessments for the development of several software packages. Conduct and review vulnerability and compliance scans of information systems hardware and software and provide guidance for remediation of detected security flaws and configuration issues. Review and monitor audit records of information systems. Develop and maintain required Standard Operating Procedures (SOP) and Work Instructions in accordance with Department of Defense and United States Air Force Policies and Procedures. Oversee all communications with Program Management, Information System Security Manager (ISSM), and On-Site Representative (OSR). Directs remediation actions on security controls based on the findings and recommendations of the security assessment report and works with Security Control Accessor (SCA) to remediate controls for compliance. Administrates mitigation for all identified POA&M weaknesses and ensures closure in a timely manner according to the mitigation plan. Ensures appropriate steps are taken to reduce or eliminate identified weaknesses, then coordinates security authorization package to SCA for assessment. Support configuration management processes and documentation to ensure all proposed changes are analyzed, tested and approved prior to implementation. Develop and test contingency plans and disaster recovery plans. Create and manage system Plans of Action and Milestones (POA&M) for all identified weaknesses and vulnerabilities. Oversees access control requirements, including privileged users, and ensure all personnel receive the requisite cybersecurity training.