Cybersecurity Senior, (SCAR)

Torch Technologies Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned, Certified Great Place To Work and named Best Places to Work in Huntsville/Madison County, headquartered in Huntsville, AL. Our team provides superior research, development, and engineering services to the Federal Government and Department of War. As one of the nation's top 100 defense companies, the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: "Lighting the Pathway of Freedom". And, as a Certified Evergreen ESOP, we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us! Torch Technologies is seeking a Cybersecurity Senior (SCAR) to join the Cyber Domain providing cyber support to Air Force users to empower the acquisition, operation, sustainment, and security of warfighting systems by ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. This position provides onsite support to

AFLCMC/GBZ

at Gunter Maxwell AFB in Montgomery, AL. As a Cybersecurity Senior (SCAR) your duties include, but are not limited to: Ensure that system and application policies and procedures for the network are followed Review applications and systems plan, instructions, guidance, and standard operating procedures for the security of network systems operations Participating in the Information System Assessment Process (SAR) Assess security requirements for hardware, software, and services acquisitions specific to network environment/system cybersecurity programs Ensure that cybersecurity-enabled software, hardware, and firmware comply with appropriate network system security configuration guidelines, policies, and procedures Test and validation controls Use eMASS to review controls Review Plan of Actions and Milestones (POA&M) entries Ensure that cybersecurity inspections, tests and reviews are coordinated for the network system Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed Advise the AO, AODR, and application/system owner of any risks or vulnerabilities discovered Prepare Security Assessment Reports Provide risk assessments

IAW NIST

Special Publication 800-30 for authorization decisions and configuration changes. Participate in technical interchanges, security impact assessments and security assessment meetings with CDMs, ISSOs/lSSMs and AODR. Develop Security Assessment Report to document security vulnerabilities, mitigations, and overall risk determination. Validate eMASS controls or returns to submitter for re-testing. Perform automated and manual security testing; and, Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.

Required Qualifications:

U.S. Citizenship Master's or Doctorate Degree in a related field and ten years of experience in the respective technical/professional discipline being performed, five years of which must be in the DoW OR Bachelor's degree in a related field and 12 years of experience in the respective technical/professional discipline being performed, five of which must be in the DoW OR 15 years of directly related experience with proper certifications, and eight of which must be in the DoW. 5+ years Information Technology (IT) Cybersecurity experience in RMF control implementation, testing, validation, and risk assessments. 3+ years of Information System Security Manager, Information System Security Engineering or Security Control Assessor Representative experience Experience using eMASS to review and assess artifacts and

DISA STIG

Viewer to review and analyze STIG results, ACAS scans, and SCAP scans. Knowledge and experience with

NIST SP 800-53

for security control interpretation and validation of control implementation and inheritance model Knowledge with

NIST SP 800-30

to determine likelihood of exploitation based on security vulnerabilities, mitigations, predisposing conditions, and compensating controls. Knowledge with AWS, Azure, Oracle OCI, or google cloud hosting environments and control inheritance models. Critical thinking and analysis skills to review Security Test Plan, System Security Plan, and Information Security Continuous Monitoring Plans to provide constructive feedback and corrective actions to Program Management Offices to define required RMF control testing and required artifacts. Ability to communicate effectively to lead meetings for security impact analysis, security control requirements and security assessment out-briefs with Program Management Offices and Authorizing Official Designated Representatives. Effective writing skills to develop clearly defined technical reports such as Security Assessment Reports and Information Security Continuous Monitoring Audit Reports. Hold and maintain a personnel certification associated with the DCWF Security Control Assessor work role (612) at an advanced (senior) proficiency level as outlined in DoWI 8510.01, AFMAN 17-1305 and

AFI 17-101

for assigned systems/applications. Must hold CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSNA Must hold and maintain an active Secret security clearance.

Preferred Qualifications:

Specific knowledge of applications, system, and network security, technologies, processes, and practices designed for prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation. The scope is not limited to information security; it includes the entire field of Cyber Security (availability, identification and authentication, confidentiality, integrity, and non-repudiation) to include Cyber Security techniques, processes, and industry trends. It also includes Information Operations (IO) (e.g. operational security of Information Technology (IT), the use of the electromagnetic spectrum for IT purposes and computer network operations).

Schedule:

(M-F; 8-5)

Work Location:

Onsite at

Gunter Maxwell, AL Travel:

No Relocation Assistance Available:

No Position Contingent Upon Award of Contract:

No #LI-EW1

Benefits:

Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays. Applying to

Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, citizenship, ancestry, marital status, protected veteran status, disability status or any other status protected by federal, state, or local law. Torch Technologies, Inc. participates in E-Verify. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Careers Link as a result of your disability. You can request reasonable accommodations by sending an email to HR@torchtechnologies.com. Thank you for your interest in Torch Technologies. Torch Technologies is dedicated to providing superior research, development, and engineering services to the Department of Defense. As defense contractors, the services we provide directly support the men and women who serve our country. From the CEO's desk... When Bill Roark and Don Holder founded Torch in 2002, they knew that employees were the company's greatest asset. They believed that offering employees a stake in the outcome, by making them all owners, was critical to building a successful organization. I share that feeling. Bill and Don's original intent was fully achieved in 2011 when Torch converted to a 100 percent S-Corp ESOP. Since that time, the company has grown over ten-fold and gained national recognition for the success we have demonstrated as an employee-owned company. Today, Torch continues to respect the individual contributions of our employee-owners and to share the rewards of our success. In addition, we continue to foster an environment of employee recognition, respect, development, and comradery while striving to achieve a healthy work-life balance. We recognize that core to our company is a culture of trust with our employees, customers, business partners, and community. Our management team is committed to continue to earn that trust. This past year, Torch proudly announced that we were Certified Evergreen™. A timely achievement for Torch employee-owners as they will celebrate Torch's 20th anniversary this October, becoming Certified Evergreen™ signifies that while Torch employee-owners can look back on Torch's past with pride, Torch is also looking forward. Becoming Certified Evergreen™ means that Torch has committed to finding ways to make 100 percent employee ownership sustainable so that Torch will remain a private company forever. Going forward, Torch will continue to evolve to address market and technology changes in order to become a major provider of cost-effective technical services and solutions to the Warfighter. We are making significant investments into facilities, equipment, business systems, and research to enable us to provide innovations and timely business services to our clients. We feel that always looking to improve our service is key to sustaining customer trust in the future. Likewise, we believe that continuing to share ownership is one of the ways we maintain employee trust and an unparalleled commitment to succeed. Combined, these timeless principles form the basis of the Torch culture. A culture that we are committed to continue and strive to pass on to the next generation of employee-owners as an Evergreen Company.