Product Security Engineer - Weapons Direct Attack Programs

About The Position

Requirements

• Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science.
• Active Secret U.S. Security Clearance.
• U.S. Citizenship Required.
• Ability to work 100% onsite in St. Charles, MO.
• Experience using analytical, collaboration, communication and organizational skills.
• Experience using CAMEO (proficiency preferred).
• 2+ years of experience in Windows/RHEL System admin experience, installing, tuning & troubleshooting Cyber Tools to include ESS/HBSS, ConfigOS, Splunk, etc.
• 2+ years of experience in configuring, running, and scripting audit tools.
• 2+ years of experience using knowledge of Software Assurance (SwA) static and/or dynamic code analysis (e.g. Fortify).
• Experience with Federal Information Security Management Act (FISMA)/RMF and National Institute of Standards and Technology (NIST) 800-53 requirements.
• Experience leading system and component level cyber test and evaluation, including threat and security assessments, and tabletop exercises.
• Experienced self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concepts.
• Growing understanding of DoD defense systems architectures and communications system concepts, mission, and common system test and data analysis techniques.

Nice To Haves

• Current DoD 8570 certification at IAT Level II / IAM Level I or higher (e.g., Security+, GSEC, SCNP, SSCP, CISSP, CISA, GSE, SCNA).
• 1+ years of experience in product security / cybersecurity engineering.
• 1+ years of experience with industry standard cybersecurity frameworks (NIST, OWASP, DFARS).

Responsibilities

• Work with industry partners to develop and execute a comprehensive assessment program for the Weapons Direct Attack portfolio within the Space, Intelligence & Weapons Systems (SIWS) organization.
• Act as the primary product security engineer for programs, assessing, updating, and maintaining their security posture.
• Continuously interact with the cyber team and compliance team to remediate vulnerabilities found during cyber scans.
• Assess organization-wide security and privacy risk and update assessment results on an ongoing basis.
• Perform system analysis and develop system tests for cyber threats, cyber test activities, and the cybersecurity of large-scale events.
• Ensure product security engineering development lifecycle is followed, with an emphasis on clear requirements development/verification (using CAMEO).
• Perform criticality analysis, including working with suppliers, identifying critical components, and integrating them into the overall system.
• Perform cyber risk assessments and develop risk mitigation plans (e.g., POA&Ms, SCRM) using tools like CAMEO.
• Support and facilitate various ATO/IATT packages, including processing IAVMs and CTOs.
• Perform software assurance tasks, including software assurance risk reports.
• Support proposal development efforts, including BOE generation, GR&A development, and trade study analysis.
• Support the engineering installation and analysis of patches and system updates/upgrades to determine system consequences.
• Attend, collect data from, out brief, and facilitate collaboration and project management from various program boards.
• Apply Security Technical Implementation Guides (STIGs).
• Manage and address Cyber Tasking Orders (CTOs) related to Cyber Tools.
• Document and verify all installation and configuration steps for labs and operations deliveries.
• Provide feedback to Cyber Leadership and engineers to improve cybersecurity tools and processes.
• Collaborate with local Information System Security Officers (ISSOs) to ensure compliance with cybersecurity standards and regulations.
• Support cyber threat intelligence activities.
• Support the development and maintenance of cyber scanning, patching, remediation tools, and applications.
• Support, as required, TEMPEST, DFARS, COMSEC, CNSSI, and other compliance drivers.
• Perform and/or support the development of tools for cyber forensics.
• Develop, define efficiencies, and improve tools to enhance team productivity.
• Perform system analysis trade studies to define technical concepts and solutions.

Benefits

• Generous Paid Time Off (PTO)
• Flexible work schedules
• Paid parental leave for mothers and fathers
• 401k matching
• Tuition assistance for earning advanced degrees
• Paid medical leave programs
• Health insurance
• Flexible spending accounts
• Health savings accounts
• Retirement savings plans
• Life and disability insurance programs
• Programs for paid and unpaid time away from work