Advanced Information Assurance Engineer

About The Position

Requirements

• Requires a Bachelor’s degree in Engineering, or a related Science or Mathematics field.
• Requires 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience.
• Department of Defense Top Secret security clearance is required at time of hire.
• Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
• Due to the nature of work performed within our facilities, U.S. citizenship is required.
• Strong understanding of cyber security technology and trends
• Recognizes various security architectural patterns, applies them appropriately, understands strengths/weaknesses within those security architectures
• Effectively selects and implements the appropriate cyber standards, processes, procedures, and tools throughout the system development life cycle to support the generation of the security engineering products
• Strong understanding of cyber security guidance such as Risk Management Framework (RMF) 800-53, STIGs, Cyber Survivability Endorsement Implementation Guide, and other government security specifications and guidelines.
• Excellent written and verbal communications skills
• Effective ability in communicating issues, impacts, and corrective actions as they affect the cyber design and implementation
• Excellent ability in reporting relevant cyber systems engineering design topics
• Effective communication and coordination with project leaders, the customer program leadership, and professionals within the Engineering department and with project teams
• Creative thinker, good multi-tasker

Nice To Haves

• Experience with DevSecOps
• CISSP or equivalent certification
• familiarity with Trusted Systems and Networks (TSN) analysis and Cybersecurity – Supply Chain Risk Management desirable
• Experience performing vulnerability and code analysis scans in DevSecOps environment (ex. Nessus, Static Code Analysis – SCA, STIGs).

Responsibilities

• Supports cyber security requirements analysis, security requirements definition, survivability/Cyber resilience analysis, system security design, security architecture generation, security trade studies, and security verification and validation with little or no supervision.
• Supports customer security requirements analysis, develops system security requirements and defines allocations to lower levels (subsystem, elements and components)
• Understands and provides cybersecurity inputs to MBSE models and Digital Engineering (DE)
• Supports assessments and mitigations of system security threats and risks throughout the program life cycle to develop cyber survivable systems
• Researches and analyzes data, such as vendor products, COTS components, GFE/CFE, specifications, and manuals to determine security of design
• Supports development of required security documentation, including items such as security plans, risk assessments and mitigation reports, and security tests plans and procedures in compliance with the IA policy
• Supports the development of the RMF body of evidence for security requirements including items such as system risk assessments and mitigation reports, security plans (SP), security testing plans and procedures, Security Control Traceability Matrices (SCTM), and System Impact Analyses.
• Supports the Assessment and Authorization (A&A) activities and the generation of the cyber package for the program leading to granting of the Authority To Operate (ATO)
• Supports the execution of the security testing and evaluation to ensure the correct implementation of security requirements