Full-Time CHIEF SECURITY OFFICER
Job Description
Position Description
Are you an experienced Information Security executive looking for very challenging work? Are you looking for a real purpose in your profession? Do you want an opportunity to serve your country? We are looking for a Chief Information Security Officer who has the expertise, interpersonal skills, and wisdom gained from the lessons learned from your broad and deep experience in the major aspects of Information Security, including security engineering & architecture, security monitoring and incident response, Red Team, Identity & Access Management, and GRC (Governance, Risk, & Compliance).
We are a mission-focused technology team within the US Air Force continuously developing, deploying and operating (“DevSecOps”) mission-critical warfighting applications for the US Air Force that need to be highly secure, operationally available and mission capable 24x7x365 in highly contested environments. We are developing “fit-for-purpose” solutions for some of the most challenging problems you will encounter. If we do our job well, we will help save lives, make our Air Force more lethal, deter our adversaries, and promote peace.
The CSO team is an integral part of Kessel Run’s CIO organization, which provides IT direction to the enterprise and encompasses a broad range of IT capabilities: Warfighting (aka “business”) architecture, application architecture & engineering, data, infrastructure & platform architecture, IT standards, testing, security, risk & controls. The heads of these functions report to the CIO. As CSO, you will be in a senior position working directly for the CIO. Given the breadth and critical importance of this role, you have broad and deep IT Security knowledge, combined with significant “hands on” experience, to lead the CSO organization and to be able to draw on your prior experience and lessons learned to quickly engage where needed to deliver high quality results.
Your four primary areas of responsibilities will be:
- Protect, Shield, Defend, Prevent
- Monitor, Detect, Hunt
- Respond, Recover, Sustain
- Govern, Educate, Comply, and Manage Risk
Responsibilities
Ensure that the organization’s staff, policies, processes, practices, and technologies:
- Proactively protect, shield, and defend the enterprise (hosts, networks, systems, applications, databases, information)from cyber threats, and prevent the occurrence and recurrence of cybersecurity incidents. This includes COSTS, GOTS, or open source systems. Enforce OWASP ASVS 4.0, NIST 800-53, CNSSI 1253 requirements.
- Monitor ongoing operations, applications, and platforms and actively hunt for and detect potential adversarial activity
- Report and investigate suspicious and unauthorized events expeditiously.
- Minimize impact of any cybersecurity events and ensure that the organization’s capabilities are rapidly deployed to return assets to normal operations as soon as possible.
- Provide ongoing oversight, management, compliance and performance measurement and reporting, and course correction of all cybersecurity activities.
Who We Are
Kessel Run is an Air Force System Program Office for several Programs of Record that continuously delivers war-winning software that our Airmen love.
We are an Agile Delivery Organization.
We sustain the existing Air Operations Center baseline while simultaneously building a scalable software factory to architect, manufacture and operate intuitively designed Wing and Operational level Command and Control systems to function effectively in highly contested environments.
We are offering the opportunity to work in a modern work environment, to use cutting-edge technologies and modern processes, all while making a meaningful impact every single day. Come help us solve our nation’s toughest, most complex challenges while enjoying yourself at work every day.
Who You Are
- You have significant background in “best practices” in several of the following areas:
- Cloud security and securing GovCloud, hybrid, & cloud edge environments
- Application, network & infrastructure security engineering & assessment
- Cyber defense including prevention, detection (including active threat hunting), response, recovery.
- DevSecOps, CI/CD pipelines, and agile software development practices.
- Identity, Credential, & Access Management
- Zero-Trust Security & Network Architecture
- Secure Access Service Edge
- SOC 2 attestation
- Technology risk & control frameworks
- DoD civilian or military experience (a plus)
- You have at least 10 years of cyber security experience in the DOD or a highly regulated industry. Knowledge of DoD RMF ATO process and DoD 8570 is a plus
- You have strong leadership and management skills with a diverse workforce
- You enjoy and seek out opportunities to mentor, coach and grow
- You have top-quality written and verbal communication skills (e.g., capable of public speaking, changing your messaging based on the audience)
- You are a U.S. citizen and are eligible to obtain a U.S. Top Secret Security Clearance. You will need to apply for and obtain a TS/SCI clearance (if you don’t have it already) to continue to perform in this role.
Qualifications
Minimum Education – Bachelor’s degree with concentration in Cybersecurity, Computer Science, Computer Engineering or Information Technology preferred.
Preferred Education – Master’s Degree in Computer Science, Cybersecurity or other related field.
Certifications – One or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Risk & Information Systems Control (CRISC).
This is a Federal civilian service position within the United States Air Force. We are hiring at the equivalent of GS-15 level for this position.
How to Apply
Apply here: https://grnh.se/e92688f03us84 total views, 0 today