Information Systems Security Manager/Engineer

Subsidiary: KIRA Information Solutions

Job Title: Information System Security Engineer (ISSE)

Job Location: Hybrid-Position working with Wright-Patterson Air Force Base, Dayton, OH

Labor Category: Exempt

Clearance Requirement: Secret Clearance, if required

In-person Requirement: As needed, meet in Dayton OH w/ key personnel or Customer

Travel Requirement: Minimal, as needed

Salary: $615,000 to $210,000

Tlingit Haida Tribal Business Corporation (THTBC) is a family of 8(a), HUBZone, SDB, and other companies wholly- owned by the largest tribe in Alaska. Each of its wholly- owned 30+ subsidiaries are uniquely qualified to deliver value to its customers and teaming partners. For over 30 years, THTBC has operated as a trusted US Federal contractor throughout the US and worldwide. As a Native Alaskan, Tribally- Owned business, THTBC has a competitive edge unique in the US Federal Government contracting space, including access to US Government directed sole source contracts. THTBC delivers outstanding service with innovative, low-cost contract solutions to all its public and private sector customers worldwide.

THTBC is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran's status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.

This position is working with the government and may require secret clearance and/or security plus certification. The government program office is Wright Patterson AFB, Dayton, Ohio. The development and support team are geographically dispersed, and teleworking is our daily working protocol, however, on-site support for meetings may be required. The program requires highly qualified, self-motivated, proactive people who work well with others with limited supervision.

Essential duties

The Information Systems Security Engineer (ISSE) will be responsible for the day-to-day security operations of all of the ETIMS systems. The ISSE will be responsible for ensuring the full compliance and appropriate operational security posture set to current Federal, CNSS, DoD, USAF, and NIST standard including but not limited to standards included in the programs Performance Work Statement. CyberSecurity for all information systems will be maintained and documented by the ISSE. The ISSE will run vulnerability scans, as required in systems such as Checkmarx and CAST, etc. In addition to implementing and maintaining the aforementioned policies, they shall support the creation and maintenance of Plans of Action and Milestones (POA&M) in response to vulnerabilities identified during scans, risk assessments, audits, and inspections. This responsibility includes physical and environmental protection, access control, incident handling, security training, vulnerability and compliance management, configuration management, and the assistance in the development of security policies and procedures. The ISSE assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals. The ISSE shall ensure that all application deliverables comply with the hosting environment's Application Security & Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning, the Database STIG, and a Web Penetration Test to mitigate vulnerabilities associated with (Structured Query Language) SQL injections, cross-site scripting, and buffer overflows.

The appointed ISSE will work for and in close collaboration with the Government appointed ISSM/E. Our ISSE will perform duties in accordance with DoD Instruction 8510.01 and 8520.02, DoD Directive 8140.01, AFI 33-210, NIST Special Publication 800-37, and AR 25-2.

Required qualifications:

• Bachelor's degree in engineering, science, mathematics, or a related field.
• Five years' experience within the past 10 years, in planning simulation exercise architectures, supervising implementation of communication systems, and integration of distributed exercises.
• Five years' experience in information technology management.
• Knowledge base with DoD Instruction 8510.01 and 8520.02, DoD Directive 8140.01, AFI 33-210, NIST Special Publication 800-37, and AR 25-2.
• Meet DoD 8570.01-M, 8140.01 Baseline Computing Environment (CE) Certification Requirements at Information Assurance Management Level II (IAM II).
• U.S. citizenship.

Preferred qualifications:

• Bachelor's degree in Computer Science or Information Management.
• Possess an expert understanding of NIST, DoD, Air Force (AF) Cybersecurity Risk Management Framework policies, directives, instructions, manuals, and best business practices.
• Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities (e.g., ACAS, MECM, ESS,etc.).
• Knowledge of disaster recovery continuity of operations plans. Knowledge of enterprise incident response program, roles, and responsibilities.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth).
• Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge of measures or indicators of system performance and availability.