Product Security Engineer

About The Position

Requirements

• Bachelor of Science degree from an accredited course of study in Engineering, Engineering Technology (includes Manufacturing Engineering Technology), Chemistry, Physics, Mathematics, Data Science, or Computer Science.
• Active Top Secret clearance
• Current DoD 8570 certification at IAT Level II / IAM Level I or higher (e.g., Security+, GSEC, SCNP, SSCP, CISSP, CISA, GSE, SCNA)
• 1+ years experience in product security / cybersecurity engineering
• 1+ years experience with industry standard cybersecurity frameworks (NIST, OWASP, DFARS)
• Experience using analytical, collaboration, communication and organizational skills
• U.S. Citizenship Required

Nice To Haves

• 2 years+ experience in Windows/RHEL System admin experience, installing, tuning & troubleshooting Cyber Tools to include ESS/HBSS, ConfigOS, Splunk/Elastic etc.
• 2 years+ experience in configuring, running, and scripting audit tools
• 2 years+ experience using knowledge of Software Assurance (SwA) static and/or dynamic code analysis (e.g. Fortify)
• Experience with Federal Information Security Management Act (FISMA)/RMF and National institute of Standards and Technology (NIST) 800-53 requirements
• Experience leading system and component level cyber test and evaluation, including threat and security assessments, and tabletop exercises
• Experienced self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concept
• Growing understanding of DoD and missile defense command and control, battle management, architectures and communications system concepts, mission, and common system test and data analysis techniques

Responsibilities

• Work with other industry partners in the development and execution of a comprehensive assessment program supporting the C2BMC Element of the Ballistic Missile Defense System.
• Act as the primary group to for testing and applying patches on all main software/application systems on the system including workstation and servers.
• Interact continuously with the cyber team compliance team to remediate any vulnerabilities founding during automated or manual cyber scans.
• Develop and verify installation instructions for Cyber Tools and Vendor Patches.
• Apply Security Technical Implementation Guides (STIGs).
• Manage and address any Cyber Tasking Orders (CTOs) related to the Cyber Tools.
• Integrate, configure and automate the installation of the Elastic Stack with the existing set of Cyber Tools on the C2BMC system.
• Work with various C2BMC teams to ensure compatibility and seamless integration of Cyber Tools within the larger system.
• Document and verify all installation and configuration steps for the labs and operations deliveries.
• Provide feedback to Cyber Leadership and engineers to improve the cybersecurity tools and processes.
• Verify the Elastic Stack meets contractual requirements.
• Document the installation and deliver installation instructions to deploy the Elastic Stack.
• Install, deploy, and unit test other Cyber Tools such as ACAS, ArcSight, BigFix, Delinea, Endgame, ESS, Axway Repeater, and Responder for Windows MFA in National Team (NT) labs, the C2BMC Testbed (CTB), and Operations.
• Collaborate with local Information System Security Officers (ISSOs) to ensure compliance with relevant cybersecurity standards and regulations.
• Assess organization-wide security and privacy risk and update assessment results on an ongoing basis.
• Perform system analysis and develop system test for cyber threats, cyber test activities, and the cybersecurity of large-scale events.
• Perform cyber risk assessments and develop risk mitigation plans.
• Support the engineering installation & analysis of patches and various system updates and upgrades to determine system consequence of these changes.
• Attend, collect data from, out brief, and facilitate collaboration and project management from various program boards.
• Support cyber threat intelligence activities.
• Support the development and maintenance of cyber scanning, patching, remediation, tools and applications.
• Support, as required, TEMPEST, DFARS, COMSEC, CNSSI, and other compliance drivers as needed.
• Support and facilitate various ATO packages including processing IAVMs and CTOs for the same.
• Perform and/or support the development of tools for cyber forensics.
• Develop, define efficiencies and improvements to tools to improve team productivity.
• Perform system analysis trade studies to define technical concepts and solutions.

Benefits

• generous Paid Time Off (PTO)
• flexible work schedules
• paid parental leave for mothers and fathers
• 401k matching
• tuition assistance for earning advanced degrees
• paid medical leave programs
• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• a number of programs that provide for both paid and unpaid time away from work