Lead, Information Security Systems Engineer - NGJ
Company: L3Harris Technologies
Location: Provo
Posted on: October 30, 2024
|
|
Job Description:
Job Title: Lead, Information Security Systems Engineering - NGJ
Job Location: Salt Lake City-UT Job Code: 15816 Job Schedule: 9/80,
every other Friday off Position Overview: This Subject Matter
Expert will apply current systems security engineering methods,
practices and technologies to the architecture, design,
development, evaluation and integration of systems and networks to
maintain system security and execute system CONOPS. The Lead will
work closely with Government customers and program stakeholders to
ensure that the security protection needs, concerns and
requirements are defined and implemented with appropriate fidelity
and rigor, early and in a sustainable manner throughout the life
cycle of system that will allow for the security authorization of
the system of interest. Job Description: Works with systems
developers or commercial product vendors in the design and
evaluation of state-of-the-art secure systems, networks, and
database products. Uses methods such as encryption technology,
vulnerability analysis and security management. Responsible for
integration of multiple methods into a cohesive system security
perimeter and environment and the policies and procedures necessary
to monitor and maintain such an environment. Prepares Assessment
and Authorization documentation using multiple standards under RMF
and derivative processes (DOD 8510.01M, JSIG, ICD-503, CNSSI 1253),
to achieve security authorization of supported systems. Represents
program security needs, concerns, and requirements at customer
meetings. Leads and contribute to all Product or Network
Information Security Engineering activities pertaining to CDRLs,
trade studies, security requirements analysis, secure architecture
development, management & compliance with security controls, design
review milestones (SRR, SDR, PDR, CDR) and security
test/verification activities Performs system CONOP analysis and
development Contributes to all Product and/or Security Engineering
activities pertaining to CDRLs, trade studies, security
requirements analysis, secure architecture development, management
& compliance with security controls, design review milestones (SRR,
SDR, PDR, CDR) and security test/verification activities Perform
functional analysis, timeline analysis, detailed trade studies,
requirements derivation and allocation, and interface definition
studies to translate customer Information Security requirements
into hardware and software specifications Provide Cyber technical
leadership for development teams building new multi-discipline
(mechanical, electrical, software, hardware etc.) products Provide
Cyber technical leadership to development teams at internal and
external gate reviews such as technical baseline reviews and design
reviews Identify security risks, threats and vulnerabilities of
networks, systems, applications, and new technology initiatives
(hardware, software, cross-domain solutions, cryptographic devices,
firewalls, intrusion detection systems, anti-virus systems and
software deployment tools) Ensure RMF Information Security
requirements and Program Protection requirements are addressed in
all phases of the System Development Lifecycle (SDLC) Conduct
security architecture analysis to evaluate and mitigate risks DoD
8570.01-M IASAE Level 3 certification (e.g. CISSP, ISSEP, ISSAP)
Active Top Secret Required Qualifications: Bachelor---s Degree with
a minimum of 9 years of prior related experience. Graduate Degree
with a minimum of 7 years of prior related experience. In lieu of a
degree, minimum of 13 years of prior related experience. Preferred
Qualifications: Active Top Secret/SCI Security Clearance preferred
Minimum of 7 years of experience with vulnerability research and
analysis of computer hardware, appliances, and/or embedded systems
Minimum of 7 years of experience with Risk Management Framework
(RMF) accreditation and authorization (A&A) processes to
include RMF steps 1-4 (categorization, controls selection, control
implementation, security assessment) and standard body of evidence
(BoE) package development Minimum of 2 years of experience in
writing and managing RMF body of evidence documents (e.g., System
Security Plan (SSP), Security Compliance Traceability Matrix
(SCTM), Certified Test Plan (CTP), Risk Assessment Report (RAR),
Continuous Monitoring (ConMon) Plan, Plans of Action and Milestones
(POA&M), and Security Assessment Plans and Procedures (SAPP)
Minimum 2 years of experience with system testing and evaluation
methods and RMF assessment methodology & processes Minimum of 10
years of experience with IC and DoD Cyber organizations, including
structure, engagement, customer relationship management, and
Business Development Minimum of 5 years of experience with DCO and
OCO Cyber Effects Operations (CEO) Minimum of 5 years of experience
leading technical teams, decomposing requirements, solution
development, implementation, and testing/qualification across a
portfolio Minimum of 5 years of experience with computer hardware
architecture, components, and protocols Minimum of 3 years of
experience with Modular Open Systems Approach (MOSA) standards
Experience in validating the NSA Crypto Modernization Experience
developing security overlays, data flow diagrams, internal
requirements, CONOPs and interface control documents from customer
and/or product requirements Experience with administration and
securing Linux (RHEL/CentOS), Microsoft products including Windows
Server 2016, Windows 10, Microsoft System Center Configuration
Manager, and WSUS Experience in configuration and use of cyber
defense and vulnerability assessment tools such as ACAS/Nessus,
Rapid7 Nexpose, etc Experience with architectures integrating
VLANs, VRF, virtual switching, multi-layer switching, Multi-layer
Firewalls, ACLs, secure configuration, VPN (IPSEC) Foundational
knowledge of Layer 3 architecture and diagramming within Visio or
other commercial products Understanding of routing and switching as
employed in telecommunications and network traffic General
knowledge of common threats to information systems and how
compromise would damage system integrity Exposure to model-based
systems engineering (MBSE) tool suites (e.g., Cameo) and associated
processes Experience with application of STIGs, CIS Benchmarks,
and/or SCAP and developing associated POAMs Working knowledge of
embedded systems, appliances, FPGA, single-board computers,
chipsets, and microprocessors Engineering experience in
non-traditional national security missions LI-CJ1
Keywords: L3Harris Technologies, Draper , Lead, Information Security Systems Engineer - NGJ, IT / Software / Systems , Provo, Utah
Click
here to apply!
|