Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America. RMC is hiring for a Information System Security Officer (ISSO) to support the Combat Air Forces (CAF) Operations Mobile Device (OMD) program for our customer at Langley AFB (Hampton, VA). The selected applicant will be responsible for assisting the Government in ensuring that aircrew mobile devices, infrastructure, and software applications are secured from attack. The selected applicant will perform a variety of Information Assurance activities, to include: * Advising the Government on IA, Certification and Accreditation, and cyber security best practices to support current and planned technologies and methodologies.
* Performing application security and penetration testing on different mobile platforms, to include iOS and Android.
* Producing advisory reports regarding 0-day exploits, CVE vulnerabilities.
* Conducting security assessments of software products for minor modification determination and identified risk, testing, and recommendations.
* Capturing and analyzing device/crash logs. Assisting in effective bug reporting, to include prioritization, steps to reproduce, and repeatability.
* Interpreting and refining government Cyber Security guidance and constraints, and integrating them into draft concepts, tactics, techniques, and procedures for implementation.
* Coordinating with other staff agencies in DoD, SAF, and MAJCOM levels on cyber security requirements for ACC sponsored systems/enclaves.
* Building test cases to verify that mobile apps comply with NSA standards and qualify for NIAP certification.
* Assisting Project Management Officers (PMO) with cyber security related items required to certify, approve, and defend against cyber-attacks.
* Analyzing malware behavior, network infection patterns, and security incidents. Researching and analyzing known hacker methodology, system exploits, and vulnerabilities to provide accurate, up to date assessments of the mobile program. Creating written reports, detailing assessment findings and recommendations.
* Assisting in the development of new capabilities by providing opportunity, threat, strength, and weakness assessments of current and future capabilities. * Educating program managers, both in writing and in-person, on aspects of the program. Requirements Bachelor's Degree in security management, computer systems, network engineering or related field. IA Technical Level II (i.e. GSEC, Security CE, SSCP) certification IAW DoDD 8570 and DoDD 8570.01-M. Certified Ethical Hacker (CEH) certification. Security Clearance: An active DoD Top Secret security clearance is required to start. Applicant selected may be subject to a security investigation and must meet eligibility requirements for access to classified information. The selected candidate must also possess a deep understanding of the differences in platform behaviors, OS versions, and device type considerations during testing. They must also have strong written and verbal communication skills, with the ability to clearly communicate technical approaches and findings. Additional experience requirements include: * Minimum three (3) years of industry experience performing security testing on diverse mobile platforms to include iOS and Android.
* Minimum three (3) years of experience performing penetration testing and vulnerability assessments.
* Minimum one (1) year experience and proficiency in Linux operating system configuration, utilities and programming.
* Minimum one (1) year experience conducting IT Security Risk Assessments in accordance with NIST.
* Minimum one (1) year experience working with LAN and WAN topologies, TCP/IP protocol, routers, switches, and firewalls.
* Minimum one (1) year experience with Apple iOS and Android OS technology, security, and intricacies. RMC employees may be subject to current COVID protocol requirements in order to access government facilities. #IND123