This position is for a Principal Cyber Engineer to support the NORAD Cheyenne Mountain Complex/Integrated Tactical Warning, Attack & Assessment Support Contract (NISSC) and other legacy space, ITW/AA and mission support programs managed and administered in the Colorado Springs region.
- Engages with customer to define/validate cybersecurity requirements, develop the backlog, render proposed solutions, and assign implementation/fix actions based on the Cybersecurity Roadmap/Customer priorities and timelines
- Serves as AGILE Product Owner for Risk Management Framework (RMF) projects and related task (Story) definition and assignment
- Establishes rapport and collaborates with the various NISSC program and functionally matrixed engineering disciplines (SE, HW, SW, Logistics, etc.) on the status of cybersecurity systems and solution alternatives
- Supports the NISSC Program Protection Lead and Delivery Order (DO) Information Systems Security Engineer(s) (ISSE) in the analysis of cybersecurity collected data and test results for both planned and proposed future system upgrades/major releases and prepares/maintains supporting documentation (cybersecurity test plans, vulnerability assessment reports, verification results, etc.)
- Researches vulnerability assessment/verification/scan and other IA compliance/V&V results and makes recommendations to the Program Engineer, Program Protection Lead and/or Systems Security and Assess and Authorize (A&A) personnel as appropriate
- Prepares documentation (artifacts and bodies of evidence) to support A&A activities necessary to ensure system sustained Approval to Operate (ATO)
- Directs NISSC A&A SMEs in the gathering and maintenance of cybersecurity artifacts/bodies of evidence and ensures their proper traceability in eMASS and/or the IDE is sustained
- Engages with NISSC ISSE/ISSO(s) in the conduct of cybersecurity audits to ensure appropriate implementation and compliance of the security posture through the system development lifecycle
- Assists with the development and documentation of system security test plans, assessments and verification/validation of the proper implementation of security controls on networking devices, databases, operating systems, hardware and software components, to include providing systems security engineering support services to Delivery Orders (DOs) by assisting with the assessment of code against the Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and Open Web Application Security Project (OWASP) throughout the development effort and preparing associated reports for contract leadership and Government customers summarizing the vulnerabilities and types of vulnerabilities found in terms of the specific CWE, CVE, and OWASP identifiers found during each analysis
- Assists with the testing of all software with a variety of simulated patterns of common attacks using security testing methodologies, including fuzz testing, vulnerability testing, penetration testing, and misuse and abuse testing throughout the development effort and preparing required documentation, to include reports for contract leadership and Government customers summarizing the patterns of attacks used, in terms of the Common Attack Pattern Enumeration and Classification (CAPEC) identifiers, during each test activity and for the tests of the final delivery
- Identifies, responds to, and reports on Information Assurance/Cybersecurity Incidents IAW DoD 8500.2, DoDI O830.02, AFI 33-138, NISSC Program Policy and/or other governing directives, instruction and orders/cyber orders as appropriate
- Must possess DoDI 8570.01-M IAT Level-III (CISSP) Compliant Certification with at least one supporting CE/OS certificate in UNIX, Linux and/or MS operating systems.
- Proven past performance and technical (hands-on) experience related to Information Assurance/Cyber Engineering requirements, determination, development, and implementation
- Previous experience with execution of AGILE principles/proven performance leading the integration of security principles into all phases of acquisition, upgrade, and modification programs
- Previous experience with the review/assessment of contract Statements of Work, Statements of Objectives, Requests for Proposals, Systems Change Requests and Contractor Data Requirement Lists
- Proven ability to capture/justify supporting Basis of Estimates (BOEs)/manpower requirements and ensure the successful inclusion of cybersecurity principles, activities and necessary resources (personnel and tools) into project Delivery Orders
- Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGs) and USCYBERCOM
- Previous ISSO experience with IA vulnerability testing and related network and system test tools; e.g., ACAS, Retina, NMap, Nessus, Security Content Automation Protocol (SCAP)
- Understanding of Systems Engineering requirements and specifications, and experience implementing DoD and Federal IA Risk Management Framework (RMF) processes, assessing and validating compliance with IA controls and developing and maintaining associated A&A documentation
- Experience with information security toolset including anti-virus, Vulnerability Assessment, HIDS/NIDS
- Experience with network and system security administration, including operating system security configuration and account management best practices for UNIX (HP-UX & Solaris), MS Windows, Red Hat Enterprise Linux, and CISCO systems
- Working knowledge of cyber security toolset including anti-virus, HIDS, NIDS, and HBSS
- Ability to organize, multi-task and prioritize tasks in a fast paced, deadline driven environment
- Possess a minimum of an active U.S. Government Secret clearance, with the ability to obtain and maintain a Top Secret clearance
- Familiar with NIST Risk Management Framework as described in NIST Special Publication 800-37 and 800-53
- Familiar with Program Protection Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39
- Experience working U.S. Government contract proposals (ideally with AFLCMC) as an Information Assurance/Information Security Engineering subject matter expert
- ITIL v3 Information Technology Infrastructure Library Foundations or higher
Bachelor's degree in Engineering/Technical discipline and at least 8 years prior relevant experience with mandatory professional certifications (Advanced degree and at least 6 years' experience); or must have equivalent experience with combined education (i.e. Associate's degree and 12 years of related experience) or the equivalent of 16 years technical experience.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.