Position Description Are you an experienced Information Security executive looking for very challenging work? Are you looking for a real purpose in your profession? Do you want an opportunity to serve your country? We are looking for a Chief Information Security Officer who has the expertise, interpersonal skills, and wisdom gained from the lessons learned from your broad and deep experience in the major aspects of Information Security, including security engineering & architecture, security monitoring and incident response, Red Team, Identity & Access Management, and GRC (Governance, Risk, & Compliance). We are a mission-focused technology team within the US Air Force continuously developing, deploying and operating (\"DevSecOps\") mission-critical warfighting applications for the US Air Force that need to be highly secure, operationally available and mission capable 24x7x365 in highly contested environments. We are developing \"fit-for-purpose\" solutions for some of the most challenging problems you will encounter. If we do our job well, we will help save lives, make our Air Force more lethal, deter our adversaries, and promote peace. The CSO team is an integral part of Kessel Run\'s CIO organization, which provides IT direction to the enterprise and encompasses a broad range of IT capabilities: Warfighting (aka \"business\") architecture, application architecture & engineering, data, infrastructure & platform architecture, IT standards, testing, security, risk & controls. The heads of these functions report to the CIO. As CSO, you will be in a senior position working directly for the CIO. Given the breadth and critical importance of this role, you have broad and deep IT Security knowledge, combined with significant \"hands on\" experience, to lead the CSO organization and to be able to draw on your prior experience and lessons learned to quickly engage where needed to deliver high quality results. Your four primary areas of responsibilities will be: 1.Protect, Shield, Defend, Prevent 2.Monitor, Detect, Hunt 3.Respond, Recover, Sustain 4.Govern, Educate, Comply, and Manage Risk Responsibilities: Ensure that the organization\'s staff, policies, processes, practices, and technologies: Proactively protect, shield, and defend the enterprise (hosts, networks, systems, applications, databases, information)from cyber threats, and prevent the occurrence and recurrence of cybersecurity incidents. This includes COSTS, GOTS, or open source systems. Enforce OWASP ASVS 4.0, NIST 800-53, CNSSI 1253 requirements. Monitor ongoing operations, applications, and platforms and actively hunt for and detect potential adversarial activity Report and investigate suspicious and unauthorized events expeditiously. Minimize impact of any cybersecurity events and ensure that the organization\'s capabilities are rapidly deployed to return assets to normal operations as soon as possible. Provide ongoing oversight, management, compliance and performance measurement and reporting, and course correction of all cybersecurity activities.