Cyber Systems Engineer III

Lockheed Martin•Littleton, CO

1d•Hybrid

About The Position

The Cyber Software Engineer III is a senior-level, technically-deep role that bridges secure software development with embedded hardware platforms and complex networking infrastructures. This role is responsible for designing, developing, documenting, testing, and maintaining comprehensive cyber-security solutions throughout the entire lifecycle of our information systems. Using a variety of automated assessment tools, such as ACAS, Nessus, Rapid7, SCAP/SCC, Evaluate-STIG, custom scripts, and manual STIG checklists, the engineer conducts thorough system analyses, identifies security gaps, and creates actionable remediation plans. In this position, the Cyber Software Engineer III drives system-wide improvements, including the development of software-patching strategies, vulnerability-management roadmaps, and the adoption of new security technologies that strengthen overall resilience. A solid grasp of capability development is applied to shape, integrate, and monitor security strategies, while leveraging SIEM platforms and audit-log management tools to maintain continuous situational awareness and threat detection. A key part of the role is serving as the subject-matter expert for colleagues who integrate security controls into hardware and software products. The engineer translates Risk Management Framework (RMF) requirements into practical guidance, ensuring that controls are correctly embedded, validated, and aligned with organizational policies. Success requires advanced technical expertise, excellent written and verbal communication, and the ability to collaborate effectively with product owners, system architects, DevOps, and other cross-functional teams to deliver robust, compliant cyber solutions.

Requirements

Ability to obtain and maintain a TOP SECRET security clearance.
Possess or ability to obtain a CompTIA Security+ certification (or DoDM 8140.03 equivalent or higher certification) within 90 days of hire.
Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science, Cybersecurity, or a closely related technical discipline.
6+ years of hands-on software development/scripting in a cyber focused environment.
Demonstrable experience integrating software with hardware platforms (e.g., FPGA, ASIC, microcontrollers, sensor suites, or avionics).
At least 3 years of work involving secure networking, cloud/on-premise infrastructure, SIEM, and large-scale system integration.

Nice To Haves

A Master’s degree or advanced coursework in cybersecurity, embedded systems, hardware security, or network engineering.
Defense Information Systems Agency (DISA) Assured Compliance Assessment Solution (ACAS) scanning experience.
Familiarity with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) testing.
Clear understanding of the Risk Management Framework (RMF) and its associated security controls.
Proven ability to develop, debug, and secure firmware/embedded code (C/C++, Rust, or Python) that interacts directly with hardware interfaces (UART, SPI, I²C, CAN, Ethernet, PCIe).
Experience with hardware-in-the-loop (HIL) testing.
Effective implementation of STIGS into Windows, Linux, VMware, and Networks, and Applications.
Deep knowledge of TCP/IP, UDP, TLS/DTLS, VPNs, VLANs, SD-WAN, and industrial networking protocols (e.g., MIL-STD-1553, ARINC 429).
Demonstrated experience designing, securing, and automating networked infrastructure using IaC tools (Terraform, Ansible) and container/orchestration platforms (Docker, Kubernetes).
Advanced familiarity with NIST CSF, DoD RMF, ISO 27001/27017, IEC 62443, and emerging hardware-focused security standards (e.g., NIST SP 800-193, Trusted Computing Group specifications).
Ability to embed these controls into both software and hardware development lifecycles.
Proven track record of leading cross-functional teams of software, hardware, and network engineers; mentoring junior staff; and driving security-by-design decisions across the product stack.
Strong written and verbal communication skills, with the ability to produce detailed architecture documents, threat-model reports, and stakeholder briefings.
Active participation in professional communities (e.g., IEEE, ISSA, DEF CON), attendance at hardware-security conferences, and a commitment to staying current on emerging threats, vulnerability disclosures, and best practices in cyber-physical system security.

Responsibilities

Designing, developing, documenting, testing, and maintaining comprehensive cyber-security solutions throughout the entire lifecycle of information systems.
Conducting thorough system analyses, identifying security gaps, and creating actionable remediation plans using automated assessment tools (ACAS, Nessus, Rapid7, SCAP/SCC, Evaluate-STIG, custom scripts, manual STIG checklists).
Driving system-wide improvements, including software-patching strategies and vulnerability-management roadmaps.
Adopting new security technologies to strengthen overall resilience.
Shaping, integrating, and monitoring security strategies using SIEM platforms and audit-log management tools.
Serving as the subject-matter expert for colleagues integrating security controls into hardware and software products.
Translating Risk Management Framework (RMF) requirements into practical guidance.
Ensuring security controls are correctly embedded, validated, and aligned with organizational policies.
Collaborating effectively with product owners, system architects, DevOps, and other cross-functional teams to deliver robust, compliant cyber solutions.