Description
THE COMPANY
For over 40 years, Aero Simulation, Inc. (ASI) has provided quality flight training devices to the US Military. ASI has successfully built numerous training systems with a primary focus on aircrew and maintenance training systems. Our current programs include, but are not limited to, the B-1 Training Systems (Air Force), E-2D Training Systems (Navy), CH-53E Training Devices (USMC), IMOMS (Coast Guard), Navigation, Seamanship, Shiphandling Trainer – NSST (Navy). To learn more about ASI visit Programs — Aero Simulation, Inc.
ASI is a 100% employee-owned engineering and manufacturing company committed to supporting the nation’s warfighters. Being 100% employee-owned directly impacts our culture: it drives our decision-making, motivates our teams, increases our productivity, improves retention and contributes to the future success of our company. Our culture is one where we work hard for our clients and for each other – and we have fun collaborating, sharing experience and expertise, and learning along the way. We strive to deliver exceptional quality, elevate client relationships, and enrich the careers and lives of our employee-owners. As Employee-Owners, we are invested in the success and continued development of each other and the company.
In addition to the Employee Stock Ownership Plan (ESOP), we offer a flexible work environment, generous paid time off, professional development opportunities, industry competitive compensation, and superior benefits to include medical, dental, 401k and more!
ASI is a great place to build a career and grow with a company that is dedicated to quality, service and to fostering a community of support for each and every member of the team. To learn more about this opportunity, keep reading!
Position Summary
The Cybersecurity Engineer provides training systems, upgrades, and support to various government customers. The successful candidate will interface with other systems engineering disciplines and stakeholders to help ensure that the appropriate security principles, concepts, methods, and practices are applied during the system life cycle to achieve stakeholder objectives for the protection of assets.
Essential Duties And Responsibilities
- Perform Information system security engineering (ISSE) activities for all phases of the system development life cycle utilizing the Risk Management Framework in accordance with applicable NIST Special Publications 800 and FIPS series to create, upgrade, and maintain aircraft training devices.
- Provide Cybersecurity Subject Matter Expertise (SME) engineering support to project teams.
- Define stakeholder security objectives, protection needs and concerns, security requirements, and associated validation methods.
- Select, tailor, implement and assist validating security controls with respect to security categorizations and applicable guidance such as the JSIG, CNSSI 1253, NIST SP 800-37, SP 800-53A, and FIPS-199.
- Define system security requirements and associated verification methods.
- Design, build, configure, implement and maintain security designs for new or existing systems.
- Ensure that the design of hardware, operating systems, and software applications adequately address cybersecurity requirements for the system.
- Participate in an IS risk assessment during the A&A process and design security countermeasures to mitigate identified risks.
- Identify and assess vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats.
- Ensure that system designs support the incorporation of DoD-directed IA vulnerability solutions, e.g., IAVAs.
- Design proactive and reactive security functions encompassed within a balanced strategy to control asset loss and associated loss consequences.
- Provide security considerations to inform systems engineering efforts with the objective to reduce errors, flaws, and weakness that may constitute security vulnerability leading to unacceptable asset loss and consequences.
- Identify, quantify, and evaluate the costs/benefits of security functions and considerations to inform analysis of alternatives, engineering trade-offs, and risk treatment decisions.
- Perform system security analyses in support of decision making, risk management, and engineering trades.
- Demonstrate through evidence-based reasoning that security claims for the system have been satisfied.
- Ensure that the implementation of security designs properly mitigate identified threats.
- Document system security design features and provide input to implementation plans and standard operating procedures.
- Assess the effectiveness of information protection measures utilized by systems.
- Provides evidence to substantiate claims for the trustworthiness of the system.
- Generate and submit authorization packages and required artifacts to authorizing officials for an authorization decision.
- Leverage multiple security and other specialties to address all feasible solutions so as to deliver a trustworthy secure system.
- Recognize a possible security violation and take appropriate action to report the incident.
- Organize, develop, and present briefings, written summaries, and written reports.
SUPERVISORY RESPONSIBILITES
This job has no supervisory responsibilities.
Requirements
EXPERIENCE REQUIREMENTS
ENTRY- 0-3 Years
MID- 3 to 7 Years
SENIOR- 7+ Years
- Experience implementing Department of Defense (DoD) security requirements and contract/government information security.
- Experience in managing information systems under the DoD Risk Management Framework (RMF) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Experience in the DoD vulnerability management process.
- Experience in applying Security Technical Implementation Guide (STIGs) configuration settings to Linux and Windows operating systems and network devices.
- Knowledge of vulnerability scanning software use (ACAS, etc.) and ability to analyze and report the results.
- Knowledge of cybersecurity policies, procedures.
- Knowledge and experience with NISPOM and DoD security related instructions.
Preferred Qualifications
Specialized experience in one or more:
- Experience with Department of Defense (DoD) networks.
- Experience with Windows and Linux Systems Engineering and/or Administration.
- Experience with Network Engineering and/or Administration.
- Experience with Network Security Engineering and/or Administration.
- Experience conducting Software Security Assessments
- Experience with Public Key Infrastructure (PKI) Engineering
- Experience with Vulnerability Management (e.g. flaw remediation leveraging tools such as ACAS and WSUS or YUM)
- Experience with Endpoint Security Engineering and/or Administration (e.g. HBSS/ESS)
- Proficiency in common business software (Microsoft Office – Word, Outlook, Power Point, Excel, SharePoint)
Additional Required Skills And Abilities
- Ability to develop and maintain positive working relationships with internal and external customers.
- Ability to adapt communication style and messaging to different audiences.
- Ability to manage multiple priorities and projects simultaneously, ensuring stakeholder expectations are managed appropriately.
- Ability to work in a project-oriented, fast paced environment to meet deadlines.
- Ability to work in a team environment, or independently, as necessary, and be a self-starter who will attack designs and resolve problems effectively and efficiently.
- Keen attention to detail to deliver solutions that meet business requirements and are operationally supportable.
Education Requirements
Bachelor's degree in Cybersecurity, Computer Science, Computer Engineering, Information Technology, Information Assurance, or equivalent experience.
Certification Requirements
Required: Current DoD 8570/8140 IAT Level II Certification (CompTIA Security+CE, CCNA Security, CySA+, etc.)
Employment Requirements
- Due to contractual requirements must be a United States Citizen
- Must be able to pass an initial background check.
- Must be able to obtain and maintain an active Department of Defense security clearance. Employee/selected candidate will be subject to a government security investigation and must meet eligibility requirements for access to classified information (as required)
- Required to communicate in English.
- The ability to travel to installation sites to install and troubleshoot systems.
- ASI is a Drug Free Workplace where applicants and employees are required to successfully pass pre-employment and Random drug testing.
Physical Requirements
- Candidate must be able to work in small, confined spaces (simulator cockpits)
- Typically, employees sit comfortably to do their work, interspersed by brief periods of standing, walking, bending carrying papers and books, and extensive periods requiring the use of computer terminals to accomplish work objectives.
- Additional skills may be required to perform additional task(s) specific to work location, department or line of business.
- Must be able to travel via car and airplane.
- Must be able to climb stairs to enter and exit a simulator.
WORK ENVIRONMENT
Work is primarily performed in an office environment consisting of offices and cubicles with low to moderate noise and bright or dim lighting. The work is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as external customers.
Note: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications that are required of the employee for the job. Duties, responsibilities, and activities may change at any time with or without notice.
The following policies apply to all areas of employment, including recruitment, hiring, training and development, promotion, transfer, termination, layoff, compensation benefits, social and recreational programs, and all other conditions and privileges of employment in accordance with applicable federal, state, and local laws.
Candidate Reasonable Accommodation
Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify Aero simulation, Inc. by e-mail at jobs@aerosimulation.com or by calling directly at 813-867-4447.
ADA Policy
It is the policy of ASI to comply with all the relevant and applicable provisions of the Americans with Disabilities Act (ADA) and its Amendments. ASI will not discriminate against any qualified employee or job applicant with respect to any terms, privileges, or conditions of employment because of a person's physical or mental disability. ASI also will make reasonable accommodation wherever necessary for all employees or applicants with handicaps, disabilities, provided that the individual is otherwise qualified to safely perform the duties and assignments connected with the job and provided that any accommodations made are not an undue hardship for ASI.
Equal Employment Opportunity
ASI is proud to be an Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, domestic/civil partnership or marital status, national origin, disability, status as a protected veteran or any other characteristic protected by law. We strive for everyone to be valued, connected, and empowered to reach their potential and contribute their best.
Pay Transparency Policy Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise, have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.