Scientist, Info Security Systems Engineer Secret - Palm Bay, FL
L3Harris Technologies
2024-11-18 09:53:35
Palm Bay, Florida, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Job Title: Information Security Systems Engineer
Job Code: 15297
Job Location : Palm Bay, FL
Job Description :
Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards under RMF and derivitive processes (DOD 8510, JSIG, ICD-503, CNSSI 1253), to achieve security authorization of supported systems. Represents program security needs, concerns and requirements at customer meetings.
Essential Functions:
- Experience in Risk Management Framework (RMF) accreditation and authorization (A&A) processes to include RMF steps 1-4 (categorization, controls selection, control implementation, security assessment) and standard body of evidence (BoE) package development.
- Experience with A&A package processing.
- Experience with NSA Type 1 Certification of cryptographic high value products.
- Experience with NSA High Assurance products and IASRD requirements.
- Experience in DoD software selection and approval processes for COTS, GOTS and FOSS.
- Support security engineering activities, including basis of estimate development, requirements development, design, test, configuration management and maintenance of information systems and data.
- Assist program security in the development of policies and procedures for emerging security technologies.
- Support the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects.
- Experience with Security Testing and Verification
- Work is to be accomplished 100% onsite, in a lab environment, no options for remote support.
- Education:
- Bachelor's Degree and minimum 12 years of prior relevant experience, or
- Graduate Degree and a minimum of 10 years of prior related experience , or
- In lieu of a degree, minimum of 16 years of prior related experience
- System test and evaluation methods and RMF assessment methodology & process.
- Minimum of Collateral Secret security clearance required.
- Must be able to obtain and maintain a DOD 8140 certification (or NIST 800-181), appropriate for the position within 6-months of start.
- Experience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC.
- Program Protection and System Security Engineering experience to include support of accreditation activities.
- Experience with DOD 5200.39.
- Support vulnerability assessment activities as required.
- Experience in Model-Based Systems Engineering (MBSE).
- Experience in the application of DISA SRGs and STIGs.
- Windows and Linux system administration skills.
- Experience in the content development and administration of SEIM/audit reduction tools (e.g., Splunk).
- Strong understanding of engineering processes, concepts and information security systems engineering principles (NIST SP 800-160 Vol1).
- Experience in Cyber Defense technologies.
- Experience with CI/CD, agile system development, and DevSecOps tools and processes.
- Understanding of system vulnerabilities and exploitation.
- Active Top Secret / SCI is highly desired.