SECURITY ASSESSMENT TESTER
Raytheon Cybersecurity & Special Missions (CSM) provides cybersecurity and advanced intelligence solutions that strengthen our global customers' critical infrastructures, information systems and mission.
Raytheon supports a mission critical full life-cycle Enterprise Information Technology (IT) Services contract, which includes strategic initiatives, establishing policies, providing governance, defining IT solutions, and delivering IT capabilities through innovation, transformation, and collaboration. Raytheon is looking for cleared, industry leading IT professionals to deliver innovative, mission critical IT capabilities and services in support national defense.
The Security Assessment Tester will examine information systems to determine if vulnerabilities exist and, if they are found, what mitigating strategies can be applied. The end goal is to ensure the systems integrity by identifying and mitigating potential avenues of exploitation, including system level attacks and user level attacks. The Security Assessment Tester coordinates planning, scheduling, and testing of projects in the Certification and Accreditation (C&A) process.
JOB DUTIES /TASKS & RESPONSIBILITIES:
* Develop and document security evaluation test plan and procedures
* Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.).
* Assist in researching, evaluating, and developing relevant Information Security policies and guidance.
* Actively participate in or lead technical exchange meetings and application review boards, documenting actions items/results of these events.
* Brief management, as needed, on the status of action items and/or results of activities.
* Conduct hands-on security testing analyze test results, document risk, and recommend countermeasures.
* Coordinate with other program elements conducting security testing.
* Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
* Identify mitigating countermeasures to identified threats, vulnerabilities, and shortfalls.
* Identify needs for testing equipment and gaps in testing capabilities; conduct research on and evaluation of automated testing tools and provide summaries and reports to sponsor on the tool capabilities, in support of potential procurement by the Sponsor.
* Perform network security analysis and risk management for designated corporate networks.
* Develop, assemble, and submit C&A testing results reports that document testing activity and results to support the creation of C&A risk assessments and C&A approval packages.
* Clarify security requirements and recommend security countermeasures
* Read and analyze SSPs and develop understanding of systems and applications into security test plans.
EXPERIENCE & SKILLS:
* Security Assessment Experience (specific computer languages, systems or technologies, expertise with the subject matter or technology outweighs the number of years of experience, especially with emerging technologies.), commensurate with education, as outlined below.
* Strong technical skills and analytic abilities, as well as, experience performing network security analysis and risk management.
* Broad knowledge of network architectures and network management tools
* Demonstrated ability to perform complex technical tasks in pursuit of overall goals with minimal direction.
* First rate written and oral communications skills.
* Ability to translate an understanding of systems and applications into security test plans and perform hands on security testing.
* Knowledge of risk management methodologies.
* Demonstrated ability to analyze test results and suggest mitigations for security problems.
* Broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, evaluating, and developing relevant security policies and guidance.
* Working knowledge of Intelligence Community Information Assurance policies and regulations and how the certification and accreditation (C&A) process relates to it.
* Ability and skill in using Information Assurance test and risk assessment tools.
* Degree in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline
* Masters plus 3 years' experience; Bachelors plus 5 years' experience; Associate plus 7 years' experience; High School/GED plus 9 years' experience.
* Either an ISC2 CISSP certification or SANS GSEC certification within 9 months of start date on the contract.
Qualified applicants may be subject to a security investigation and must meet minimum qualifications for access to classified information.
*** U.S. Citizenship and an active TS/SCI with favorable polygraph Security Clearance is required. ***
Position is contingent upon contract award and may be filled by Team Raytheon members
This position requires a US person.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.