Product Security Engineer - Weapons Direct Attack Programs

About The Position

Requirements

• Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science.
• Active Secret U.S. Security Clearance.
• U.S. Citizenship Required.
• A U.S. Security Clearance that has been active in the past 24 months is considered active.

Nice To Haves

• Current DoD 8570 certification at IAT Level II / IAM Level I or higher (e.g., Security+, GSEC, SCNP, SSCP, CISSP, CISA, GSE, SCNA).
• 1+ years of experience in product security / cybersecurity engineering.
• 1+ years of experience with industry standard cybersecurity frameworks (NIST, OWASP, DFARS).
• Experience using analytical, collaboration, communication and organizational skills.
• Experience using CAMEO (proficiency preferred).
• 2+ years of experience in Windows/RHEL System admin experience, installing, tuning & troubleshooting Cyber Tools to include ESS/HBSS, ConfigOS, Splunk, etc.
• 2+ years of experience in configuring, running, and scripting audit tools.
• 2+ years of experience using knowledge of Software Assurance (SwA) static and/or dynamic code analysis (e.g. Fortify).
• Experience with Federal Information Security Management Act (FISMA)/RMF and National institute of Standards and Technology (NIST) 800-53 requirements.
• Experience leading system and component level cyber test and evaluation, including threat and security assessments, and tabletop exercises.
• Experienced self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concepts.
• Growing understanding of DoD defense systems architectures and communications system concepts, mission, and common system test and data analysis techniques.

Responsibilities

• Work with industry partners in the development and execution of a comprehensive assessment program supporting the specialized Weapons Direct Attack portfolio of programs in the Space, Intelligence & Weapons Systems (SIWS) organization.
• Act as the primary product security engineer on the program for assessing, updating, and maintaining the security posture of the programs.
• Support the program’s systems by interacting continuously with the cyber team and compliance team to remediate any vulnerabilities found during automated or manual cyber scans.
• Assess organization-wide security and privacy risk and update assessment results on an ongoing basis.
• Perform system analysis and develop system test for cyber threats, cyber test activities, and the cybersecurity of large-scale events.
• Ensure product security engineering development lifecycle is followed, with an emphasis on clear requirements development/verification (using CAMEO).
• Perform criticality analysis to include the ability to work with suppliers, identify critical components, and integrating them into the overall system.
• Perform cyber risk assessments and develop risk mitigation plans (i.e., POA&Ms, SCRM, etc.) using a variety of tools including but not limited to CAMEO.
• Support and facilitate various ATO/IATT packages including processing IAVMs and CTOs for the same.
• Perform software assurance tasks, including but not limited to software assurance risk reports.
• Support proposal development efforts, including but not limited to: BOE generation, GR&A development, trade study analysis.
• Support the engineering installation & analysis of patches and various system updates and upgrades to determine system consequence of these changes.
• Attend, collect data from, out brief, and facilitate collaboration and project management from various program boards.
• Apply Security Technical Implementation Guides (STIGs).
• Manage and address any Cyber Tasking Orders (CTOs) related to the Cyber Tools.
• Document and verify all installation and configuration steps for the labs and operations deliveries.
• Provide feedback to Cyber Leadership and engineers to improve the cybersecurity tools and processes.
• Collaborate with local Information System Security Officers (ISSOs) to ensure compliance with relevant cybersecurity standards and regulations.
• Support cyber threat intelligence activities.
• Support the development and maintenance of cyber scanning, patching, remediation, tools and applications.
• Support, as required, TEMPEST, DFARS, COMSEC, CNSSI, and other compliance drivers as needed.
• Perform and/or support the development of tools for cyber forensics.
• Develop, define efficiencies and improvements to tools to improve team productivity.
• Perform system analysis trade studies to define technical concepts and solutions.

Benefits

• Generous Paid Time Off (PTO)
• Flexible work schedules
• Paid parental leave for mothers and fathers
• 401k matching
• Tuition assistance for earning advanced degrees
• Paid medical leave programs
• Health insurance
• Flexible spending accounts
• Health savings accounts
• Retirement savings plans
• Life and disability insurance programs
• Programs that provide for both paid and unpaid time away from work