Cybersecurity Engineer

IronMountain Solutions•Huntsville, AL

5d•Onsite

About The Position

IronMountain Solutions is seeking a Cybersecurity Engineer to provide aviation weapon-system cybersecurity support for the MV-75 Program. This position supports the U.S. Government MV-75 Program Office by advising on the cybersecurity risk posture, RMF strategy, platform security requirements, tactical Authorization to Operate (ATO) readiness, and cybersecurity compliance of the MV-75 weapon system. Candidates should be highly motivated, a self-starter, and able to work effectively across Government, OEM, system engineering, cyber, test, airworthiness, software, and acquisition stakeholders. Candidates must have an active Secret clearance or have the ability to obtain and maintain an active Secret level security clearance. Per Federal regulations; only citizens of the United States are able to obtain a Clearance.

Requirements

BS degree in Cybersecurity, Computer Engineering, Electrical Engineering, Systems Engineering, Computer Science, Aerospace Engineering, or a related technical field.
10+ years of relevant cybersecurity, systems security engineering, RMF, and tactical/embedded security.
Experience supporting DoD weapon systems, aviation platforms, tactical systems, embedded systems, mission systems, or platform cybersecurity authorization activities.
Knowledge of RMF processes, ATO packages, security control implementation evidence, POA&Ms, continuous monitoring, and cybersecurity risk acceptance
Ability to interpret cybersecurity controls and translate them into platform-relevant requirements, verification criteria, technical risks, and operational impacts.
Familiarity with aviation or tactical system architectures, including avionics, mission systems, databus interfaces, support equipment, software loads, embedded controllers, tactical networks, or platform integration environments.
Experience reviewing or developing cybersecurity documentation such as SSPs, SAPs, SARs, SCTMs, POA&Ms, CONMON strategies, architecture diagrams, accreditation boundaries, PPSM/ports-protocols-services data, and system security requirements.
Strong written and verbal communication skills with the ability to explain technical cybersecurity risk to engineering acquisition, test, and leadership audiences.
Ability to develop strong working relationships with MV-75 personnel, Government stakeholders, OEM representatives, and supporting contractors.
Ability to manage complex technical issues, coordinate across multiple organizations, and provide clear recommendations to Government leadership.
Candidates have an active Secret clearance or have the ability to obtain and maintain an active Secret level security clearance.
Only citizens of the United States are able to obtain a Clearance.

Nice To Haves

Aviation system acquisition experience desired.
Familiarity with embedded real-time operating systems is preferred.
Familiarity with aviation and tactical interface standards such as MIL-STD-1553, ARINC-429, ARINC-664, ARINC-653, Ethernet, CAN bus, tactical radios, and tactical data links

Responsibilities

Support the MV-75 Program Office as a tactical aviation weapon-system cybersecurity engineer focused on platform risk, RMF execution, and embedded system security solutions
Review, assess, and advise on OEM on cybersecurity artifacts, including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, continuous monitoring strategies, hardware/software inventories, architecture diagrams, interface descriptions, and control implementation evidence.
Translate RMF controls into aviation platform-relevant requirements, verification approaches, and risk statements that apply to embedded avionics, mission systems, tactical databus architectures, software loads, maintenance systems, and support equipment
Support cybersecurity requirements decomposition, allocation, traceability, and verification across MV-75 system, subsystem, software, hardware, mission equipment, and external interface boundaries.
Advise the Government on cybersecurity risk posture, residual risk, mitigation sufficiency, operational impacts, and ATO decision readiness for the MV-75 platform.
Review cybersecurity implementation evidence against applicable DoD, Army, and program requirements, including RMF, NIST SP 800-53/800-53A, DoDI 8510.01, Army cybersecurity policy, and program-specific authorization guidance.
Coordinate with Government cybersecurity, systems engineering, test, airworthiness, logistics, software, and acquisition stakeholders to ensure cybersecurity considerations are integrated into platform engineering and program decision processes.
Assess cybersecurity impacts of proposed engineering changes, software updates, configuration changes, interface changes, obsolescence actions, and system-of-systems integrations.
Review vulnerability assessment results, scan outputs, penetration test findings, software assurance results, supply chain risk inputs, and cyber test evidence to determine platform-level risk and required Government action.
Support cybersecurity input to test planning, verification events, lab events, flight test readiness, operational test planning, and Government reviews.
Evaluate cybersecurity risks associated with embedded real-time operating systems, avionics networks, mission systems, tactical data links, aircraft maintenance interfaces, ground support equipment, and external system interfaces.
Support development of risk-based recommendations for control tailoring, inherited/common controls, compensating controls, mission-based risk acceptance, continuous monitoring, and POA&M closure.
Assist the Government in preparing decision-quality cybersecurity briefings, risk summaries, authorization status updates, and technical recommendations for program leadership and authorizing officials.
Maintain awareness of platform cybersecurity issues across acquisition, development, test, fielding, sustainment, and modernization activities.