Cyber Resiliency Test Engineer - SME - TGE

Support acquisition programs in the development of cyber test strategies and plan for the implementation of cyber test activities. Accomplish reoccurring Mission Based Cyber Risk Assessments (MBCRAs) and help test teams develop and document cyber (cybersecurity and cyber resiliency) test strategies and Cooperative Vulnerability Investigation (CVI), Adversarial Cybersecurity Development Test & Evaluation (ACD), Cooperative Vulnerability and Penetration Assessment (CVPA), and Adversarial Assessment (AA) test methodologies based on ongoing system cyber vulnerability assessments. Develop Air Force guidance on the acquisition and cyber test of Air Force systems. This includes:

• Work with programs to develop cyber test strategies that integrate into the their larger acquisition, development, deployment, and functional test strategies
• Develop and document standard, repeatable process(es) for conducting MBCRAs and CVIs, ACDs, CVPAs, and AAs
• Support the development of cyber test and evaluation procedures for aircraft, munitions, C4ISR, and Information Technology systems
• Document the system information requirements and work products needed by the Developmental Test & Evaluation (DT&E) and Operational Test & Evaluation (OT&E) communities to plan, execute, and report on systems' cyber test objectives
• Provide requirements usable by programs to incorporate in statements of work, system technical requirements documents, Test and Evaluation Master Plans, DT&E and OT&E Entrance and Exit criteria, and other documents
• Assist with developing and documenting Air Force guidance and informing DOD guidance updates
• Document recommendations for incorporating DT&E/OT&E cybersecurity deficiency reporting and watch items into standard DT&E/OT&E processes
• Facilitate and guide program MBCRAs
• Assist with CVI, ACD, CVPA, and AA planning, execution, and reporting to achieve the above objectives, provide expertise and lessons learned, and apply process knowledge for systems under test

• While there are no minimum education and experience levels required for a TMAS SME, the selectee must be regarded within the community of interest as a Subject Matter Expert in penetration testing from both technique and tools testing perspectives. This skill level will oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
• US Citizen and able to obtain and maintain a Top Secret - (Single Scope Background Investigation)
• Must be able to obtain DOD 8570 IAT Level 3 certification (CASP, CISSP, etc.) within 6 months of hire, and maintain certification throughout employment.
• Significant understanding of the DOD acquisition and/or test and evaluation processes/activities
• Knowledge in planning and conducting test
• Analytical skills and problem-solving skills
• Good organization, decision making, and verbal and written communication skills
• Excellent self-initiative and self-motivation with the ability to work under minimal supervision
• Ability to work effectively in small and large team settings to solve complex problems
• Travel up to 15-20 weeks per year, potentially to worldwide sites, * Experience in planning and conducting cyber test
• Significant understanding of the DoD Cybersecurity Test and Evaluation Guidebook (six phases)
• Experience conducting Mission Based Cyber Risk Assessments (MBCRAs)
• Knowledge in the Cybersecurity Assess and Authorize (A&A) process to support DoD acquisition programs through the Risk Management Framework (RMF) process
• Experience establishing cybersecurity guidelines and practices at the DOD or Service level
• Active SECRET or Top Secret clearance
• Proficient in software development
• Understanding of network and/or systems security engineering