Address
Form of workJob Title: Scientist, Info Sec Systems Engineer Job Code: SAS20231110-107104 Job Location: Colorado Springs, CO Job Description: Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products.
Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards under RMF and derivative processes (DOD 8510, JSIG, ICD-503, CNSSI 1253), to achieve security authorization of supported systems.
Represents program security needs, concerns, and requirements at customer meetings. Essential Functions: Function as the program-level Senior Cybersecurity Manager for all Cybersecurity-related program activities. Provide technical architectural oversight on the development of all Cybersecurity-related solutions.
Participate in the process of identifying, developing, and assisting in the technical integration of Cybersecurity-related policies, principles, requirements, and architectures including cross-functional processes, procedures, and work instructions. Requires mastery level knowledge within cyber engineering and broad management and leadership knowledge to lead technical teams or manage across the function. Recommends tactics and strategies that will directly impact the achievement of overall program results.
Establishes tactics for group with short- to mid-term impact on program's cybersecurity results, to include compliance with system categorization for Confidentiality, Integrity, and Availability (CIA); the processing, storing, and transferring of Controlled Unclassified Information (CUI); Business Continuity planning (i.e., Disaster Recovery, High Availability, and Continuity of Operations). Develops recommendations on new products/emerging security technologies, and program-level processes, policies, standards, or operating plans in support of program strategy. Develops recommendations for the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects.
Responsible for improving upon existing processes using significant conceptualizing, reasoning, and interpretation. Analyzes problems to seek understanding of the root cause of the problem. Communicates within and outside of the organization which includes larger customers or vendors.
Works to influence others to accept team's view/practices and agree/accept new concepts, practices, and approaches. Conducts briefings to senior leaders and customers on matters of cybersecurity status, accreditation schedules and vulnerability management. Support vulnerability management activities to include tracking of vendor released security patches, CVEs and IAVMs, hardware/software obsolescence, and the analysis of assessment results.
Support security engineering activities, including basis of estimate development, requirements development, design, test, configuration management and maintenance of information systems and data. Oversee Cybersecurity evaluations during Emergency Depot Level Maintenance/Urgent Depot Level Maintenance (EDLM/UDLM) events. Guide, review, and approve the development and maintenance of long-range Cybersecurity risk burn-down roadmaps.
Chair or participate in Configuration Working Groups, Cybersecurity Working Groups (CWG), Engineering Review Boards (ERBs), and other technical meetings. Drive the implementation of cybersecurity lessons learned across systems. Knowledge of/prior experience of Static Application Security Testing (SAST) for Application Security and Development STIG compliance using tools such as Fortify and Gitlab as part of a DevSecOps Continuous Integration/Continuous Deployment (CI/CD) Pipeline, and generation of summary reports.
Knowledge of/prior experience in Risk Management Framework (RMF) accreditation and authorization (A&A) processes to include RMF steps 1-4 (categorization, controls selection, control implementation, security assessment) and standard body of evidence (BoE) package development. Knowledge of/prior experience with A&A package processing in eMASS and Xacta. Knowledge of/prior experience in DoD software selection and approval processes for COTS, GOTS and FOSS.
Knowledge of/prior experience in the application of DISA SRGs and STIGs. Knowledge of/prior experience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC. Understanding of security control inheritance in terms of IaaS, PaaS and SaaS relationships.
Work is 100% on-site and cannot be accomplished remotely. Qualifications: Education: Bachelor's Degree and minimum 12 years of prior relevant experience, or Graduate Degree and a minimum of 10 years of prior related experience, or In lieu of a degree, minimum of 16 years of prior related experience. Top Secret / SCI security clearance required.
DOD 8570.01M IAT-3 or IASAE-2 certification. Preferred Additional Skills: Knowledge of C2S Cloud authorizations, FedRAMP and DISA CSP requirements. Experience in Model-Based Systems Engineering (MBSE) and Digital Engineering methodologies.
Experience with Windows and Linux system functionality. Experience in the content development and administration of SEIM/audit reduction tools (e.g., Splunk). Strong understanding of engineering processes, concepts and information security Systems Engineering principles (NIST SP 800-160 Vol1).
System test and evaluation methods and RMF assessment methodology & process. Experience in Cyber Defense technologies. Experience with CI/CD, agile system development, and DevSecOps tools and processes.
Understanding of system vulnerabilities and exploitation. Top Secret / SCI w/Polygraph desired. In compliance with Colorado's Equal Pay for Equal Work Act, the salary range for this role in Colorado is $125,500 - $233,500 (salary ranges in other locations could differ).
This is not a guarantee of compensation or salary, as final offer amount may vary based on factors including but not limited to experience and geographic location. L3Harris also offers a variety of benefits including: health and disability insurance, 401(k) match, flexible spending accounts, EAP, education assistance, parental leave, paid time off, and company-paid holidays. The specific programs and options available to an employee may vary depending on date of hire, schedule type, and the applicability of collective bargaining agreements
