B-2 Information Technology Security in Wright-Patterson Air Force Base, OH at DCS

Date Posted: 7/7/2020

Job Description

The Contractor shall assist in ensuring the implementation of security measures for classified ISs in accordance with the DoD directives and facility procedures.

Essential Job Functions:

The Contractor shall support the testing and evaluation of new operating systems/software and hardware requested for use on ISs.

Assist in developing and implementing procedures to ensure JSIG, RMF, and National Industrial Security Program Operating Manual (NISPOM) compliance, and shall perform weekly IS audits. If full compliance is not possible, the Contractor shall notify Government Information Assurance Managers (IAMs) of the risks and possible mitigations.

The Contractor shall aid in conducting ongoing security reviews and tests of the B-2 ISs to periodically verify that security features and operating controls are functional and effective. The Contractor shall utilize security-related software for the detection of malicious code, viruses, and intruders, as appropriate. The Contractor shall provide technical expertise to assist in applying and implementing JSIG requirements into the security structure of B-2 ISs. The Contractor shall support the maintenance and development of SSPs for systems. The Contractor shall assist in assessing, developing, and reviewing sanitization procedures and program-designed hardware. The Contractor shall also assist in assessing, researching, and recommending approval for hardware and software to the B-2 Government IAM.

Under the direction of the B-2 Government IAM, the Contractor shall assist in producing and/or reviewing documentation for the B-2 Program Office to support the breadth of acquisition, sustainment, and IA efforts. The Contractor shall support the B-2 Program Office relative to the B-2 organization’s IA program and IA policies/procedures compliance activities.

When requested, the Contractor shall assist the B-2 Government IAM and IAO in specific areas as follows:

Providing technical expertise on computers and avionics systems and IA support for the Modernization and Sustainment efforts that are integrated as well as support in the B-2 IS.

Supporting the coordination of security approval for sanitization and secured handling procedures for avionics line replaceable units, special laboratory equipment, and Special Test Equipment (STE).

Assisting in ensuring B-2 ISs are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan.

Assisting in ensuring all B-2 IS users have the requisite security clearances, authorization, and need-to-know and are aware of their security responsibilities before granting access to the IS.

Reporting all security-related incidents to the B-2 Government IAM.

Initiating, with the approval of the B-2 Government IAM, protective or corrective measures when a security incident or vulnerability is discovered.

Assisting in the development and maintenance of SSPs.

Supporting periodic reviews to ensure compliance with the SSPs.

Supporting efforts that ensure configuration management for security-relevant B-2 Information System software, hardware, and firmware is maintained and documented.

Aiding in monitoring system recovery processes to confirm that security features and procedures are properly restored.

Assisting in ensuring all B-2 IS security-related documentation is current and accessible to properly authorized individuals.

Notifying the B-2 Government IAM when a system no longer processes intelligence or SAP information.

Notifying the B-2 Government IAM when changes occur that might affect B-2 WSSC IS accreditation.

Aiding in ensuring system security requirements are addressed during all phases of the system life cycle; and

Following procedures developed by B-2 Government IAM, authorizing software, hardware, and firmware use before implementation on the system.

The Contractor shall support the implementation of security controls by applying specific safeguards or by assisting in the regulation of specific activities that are expressed in a specified format (i.e., a control number, a control name, control text, and a control class). The Contractor shall apply specific management, personnel, operational, and technical controls to each DoD information system to assist in achieving an appropriate level of integrity, availability, and confidentiality in accordance with Office of Management and Budget Circular A-130 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev 4.

Apply knowledge of information security best practices and industry standards to assist in protecting data from unauthorized access and in preventing unauthorized use, disclosure, destruction, modification, or disruption of access (reference NIST SP 800-115).

Assist in evaluating aspects of economics of privacy and security when associated with protection schema or security options and shall advise on the most effective and efficient security measures based upon CBA, break-even analysis, and life cycle cost (reference NIST SP 800-65 Rev 1).

Support the evaluation of physical security measures that are designed to prevent unauthorized personnel (including attackers or even accidental intruders) from physically accessing a building, facility, resource, or stored information, and of guidance on how to design structures to resist potentially hostile acts. The Contractor shall apply experience in the preparation of conceptual diagrams showing how a building, facility, or stored information might be attacked.

Support security A&A by applying knowledge commensurate with the professional certifications associated with the DoD RMF approach for identifying information security requirements, providing security solutions, and managing the security of DoD IS. The Contractor should have experience with certification authority and designated approving authority processes.

Assist in integrating program protection engineering processes for mitigating and managing risks to advanced technology and mission-critical system functionality from foreign collection, design vulnerability, or supply chain exploitation/insertion, battlefield loss, and unauthorized or inadvertent disclosure throughout the acquisition life cycle.

Prepare and maintain the B-2 PPP, which includes but is not limited to the following tasks:

Assisting in conducting identification and criticality analysis to assist in implementing protection of CPI and critical technology.

Functioning as the program focal point for Threat Analysis/Assessment required by the DoD acquisition community to assess program and supplier risks. This includes assisting in the preparation and evaluation of the System Threat Assessment Report (STAR)/System Threat Assessment (STA) by the appropriate Intelligence organization(s) to examine and assess impact through loss or compromise of information sensitive to the program effort and/or national security interests. Experience should include maintenance of the STAR/STA in keeping the assessment current and validated throughout the acquisition process.

Assist in applying vulnerability assessment procedures, tools, and techniques which identify system vulnerabilities, including but not limited to approaches to identifying vulnerabilities, rating vulnerability severity, identifying vulnerability mitigations or countermeasures, and interactions with other program protection processes.

Assist in conducting the risk assessment methodology to identify, assess, and assist in mitigating potential program impacts.

Applying familiarity and experience in program protection countermeasure implementation, including but not limited to:

AT techniques and documentation; experience should include preparation of an AT Plan based upon a system engineering functional decomposition approach.

In-depth experience with IA management and application of measures that protect and defend information and IS by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation; this includes providing for restoration of IS by incorporating protection, detection, and reaction capabilities.

Knowledge and experience with software assurance plans and implementation concerning development process, operational system and development environment.

Familiarity with supply chain risk management guidance and policy concerning program sensitive items.

Familiarity with identifying security management requirements during specific phases of the program acquisition life cycle.

The Contractor shall be familiar with DoDI 5200.39 (revised Dec 2010) and with implementation of horizontal protection techniques to assist in ensuring that all who develop, process, or store the same or similar CPI use the same or equally effective:

Classification standards and preparation of classification/declassification guidelines; export control guidelines; foreign disclosure arrangements; AT protection measures; IA standards; and physical security standards.

The Contractor shall be familiar with the 2011 National Defense Authorization Act to support the development and incorporation of technology protection features into a system or subsystem during its R&D phase and international considerations within the acquisition management framework for summary of defense exportability features nomination and feasibility assessment.

Required Skills:

Due to the sensitivity of customer related requirements, U.S. Citizenship is required.

A High School Diploma plus fifteen years of experience or a Bachelor's degree plus ten years of experience is required.

An active Top Secret clearance is required.

The Contractor shall be a certified systems security professional possessing at least five years of experience in implementing Joint Special Access Program (SAP) Implementation Guide (JSIG) or JSIG-related Risk Management Framework (RMF) concepts and processes to be used in the discovery of Information Protection (IP) needs.

Be knowledgeable in the design of systems and security controls and technical, personnel, or management solutions to effectively and efficiently satisfy these requirements. The discipline includes concepts of defense in depth, risk assessment, and the systems life cycle. The Contractor should meet all prerequisites necessary to enable the Government to grant a DoD Directive (DoDD) 8570 baseline certification commensurate with the position description and tasking responsibilities.