Cyber Systems Security Engineer - Level 4

About The Position

Requirements

• B.S. degree in a technical discipline such as Computer Science, Computer Engineering, Electrical Engineering, Computer Security, or Information Technology – or equivalent applied experience.
• Experience in cyber risk analysis, security assessment, and mitigation strategies.
• Experience utilizing Joint Special Access Program (SAP) Implementation Guide (JSIG), Committee on National Security Systems Instruction (CNSSI) 1253, and NIST SP 800-37 Risk Management Framework (RMF) to design and harden information systems commensurate with customer needs.
• DoD CWF 8140/8570 IAT Level II certificate such as CompTIA Security+, CySA, CCNA Security, SSCP or GSEC.
• Project management experience including defining requirements and developing detailed execution schedules/roadmaps
• Experience developing Contract Basis of Estimate (BOE) language based on Customer provided Statement of Work (CSOW)
• Strong analytical and organizational skills with excellent written and verbal communication skills and the ability to work in a dynamic work environment including creating and presenting technical information to senior-level executives and customers
• Strong communication skills and ability to collaborate with cross-functional teams to integrate security considerations into platform development.
• Must be a US Citizen; this position is located in a facility that requires special access and requires a Secret clearance.
• Active Secret Clearance or higher.
• Ability to travel as required (typically up to 20%)

Nice To Haves

• IASAE Level II – IAW 8570 or higher certification (CASP+ CE, CISSP, CSSLP)
• Experience analyzing, decomposing, and allocating security controls into executable security requirements at the system, sub-system and component level
• Experience with secure software development concepts (e.g. static code analysis, dynamic code analysis, STIG/SRG hardening, etc.) as applied to high-level programming languages (C, C++, Java)
• Experience with engineering change processes and/or configuration control processes
• Extensive experience developing and maintaining core security documentation artifacts for A&A Packages including Security Control Traceability Matrix (SCTM), System Security Plan (SSP) and/or Information Assurance Standard Operating Procedures (IA SOP), Plan of Action & Milestones (POA&M), and Risk Assessment Report (RAR)
• Extensive knowledge of DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Expertise/knowledge in both compliance testing and penetration testing methodologies.
• Experience with Real-Time Embedded Operating Systems (e.g. GreenHills INEGRITY, LynxOS, VxWorks, Yocto)
• Experience with Agile project management tools (JIRA, VersionOne, etc.)
• Experience conducting technical trade studies and assessments
• Must be willing to mentor junior-level team members
• Experience with creating and presenting technical information to senior-level executives and customers
• Demonstrated problem-solving and troubleshooting skills
• Proficient technical writing skills
• Strong analytical and organizational skills with excellent communication skills (written and verbal communications) and have the ability to work in a dynamic work environment
• Experience working in an aerospace design environment with exposure to DoD customers and their accrediting authorities.
• Hands-on experience with security-related documentation and processes for obtaining ATOs.
• Knowledge of software code analyzers, review and generation of risks reports based on threats and vulnerabilities.

Responsibilities

• ensuring that cyber security requirements are properly defined, decomposed, allocated, implemented, and assessed to produce a cyber-resilient security design solution for the target platform (Air System or Weapon System)
• participating in working groups, design reviews, and formal artifact reviews alongside other Subject Matter Experts (SMEs) within the overall platform
• providing security expertise to ensure that cyber security is considered early in the product development lifecycle
• conduct a range of cyber risk analysis and security assessment methods
• implement patches and Security Technical Implementation Guides (STIGs) to address cyber vulnerabilities, feature changes, or obsolescence
• develop documentation for specific installations and configurations necessary to obtain Authorizations to Operation (ATOs) in support of program schedules
• contribute to and implement Plans of Actions and Milestones (POA&Ms) to mitigate open cyber risks
• communicate effectively with a range of audiences, technical and non- technical
• function effectively on an engineering team to create a collaborative environment that allows for the establishment of mission goals, itemized planning of tasks, and prioritization of tasks that drives the efficient execution of objectives

Benefits

• flexible work schedules
• comprehensive benefits investing in your future and security
• Medical
• Dental
• Vision
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• 401(k) match
• Flexible Spending Accounts
• EAP
• Education Assistance
• Parental Leave
• Paid time off
• Holidays