The Systems Security Engineer (SSE) is responsible for conducting Systems Security Engineering activities throughout the acquisition life-cycle ensuring the highest quality of Cybersecurity/Information Assurance (IA) solutions for SNC and supported customers. The SSE’s primary focus is ensuring the confidentiality, integrity, and availability of systems. The SSE closely collaborates with the system owners, administrators, engineers, and program managers to ensure cybersecurity controls are effectively implemented throughout the system life-cycle. The SSE is a vital contributor within SNC’s highly dynamic and fast-paced environment.
PRIMARY RESPONSIBILITIES INCLUDE:
* Lead System Security Engineering (SSE) and Cybersecurity/IA efforts by establishing or validating the system boundary in describing the IS, its functions, information types, operating environments, and security requirements
* Team with SNC, customer, partner, and Authorization Officials (AO) to prepare systems for Assessment & Authorization (A&A) in accordance with established NISPOM, RMF for DOD IT, ICD 503, JSIG & NIST guidelines
* Create and maintain A&A/RMF documentation: Security Plan, Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedures, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, and Configuration Management
* Capture and refine cybersecurity requirements and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC)
* Employ best practices when implementing security requirements within systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
* Conduct security control assessments; review the adequacy of the security controls and their ability to protect the system and its information; tailor the security controls to ensure compliance
* Coordinate the system security related activities with ISOs, ISSMs and CCPs
* Represent IA in the configuration management process; provide guidance in any acquisition/development activities that impact system security
* Plan and conduct annual and/or ad hoc vulnerability scanning and security control assessments at customer sites to ensure compliance with Authorizing Official requirements (Continuous monitoring)
* Participate in proposal efforts containing Cybersecurity/IA-related SOW/tasks to address scope, capability, cost, schedule, and resources
* Read, interpret, and implement Cybersecurity/IA regulations and requirements; develop and maintain managerial, operational, and technical Cybersecurity/IA skillset
* Collaborate with security managers (both corporate and local), other SSEs and SSMs to define, improve, implement and maintain information security policies, strategies, and procedures
* Support Corporate-wide Security initiatives
* Interface with company and customer staff at all levels
* Periodic travel to SNC, customer and partner facilities in support of programs
ADDITIONAL RESPONSIBILITIES INCLUDE:
* Follow SNC policies, procedures and work instructions for all technical activities
* Punctuality to work each day and prepared to work scheduled work hours
* Flexible work hours required
* Off-hours implementations and remote site travel a must
* Other duties as assigned
* Responsible for thoughtful adherence to all SNC Policies, Procedures, and Compliance regulations (internal and external)
* Minimum physical requirements to perform all duties and responsibilities, as defined by management
SNC job descriptions are meant as summarizations only. They do not necessarily reflect all duties and responsibilities of a position.
* Requires a BS in a related field. Relevant work experience as a Network Analyst/Administrator/Engineer, Systems Analyst/Administrator/Engineer, IT Analyst/Administrator, Software Engineer, etc. may substitute for required education.
* 10+ years of related Security experience
* DoD 8570/8140 compliant: CAP, CISSP, ISSEP and/or other equivalent certification (desired) *Required within 6 months of hire. Cisco, Microsoft, Linux, or other technical certifications a plus
* Experience in supporting Information Technology (IT) within a classified environment
* Extensive experience with the following tools: Splunk or ELK, ACAS / Nessus, HBSS, eMASS or Xacta (desired)
* Knowledge of technical standards relating to systems security; experience administering UNIX, Linux, and Windows operating systems, experience with large-scale server systems, thin client architecture, system virtualization and other related peripherals
* Experience with A&A requirements as outlined in the NISPOM, RMF for DOD, ICD 503, JSIG & NIST RMF
* Complete/thorough understanding of US Government Cybersecurity policies
* Ability to balance cybersecurity requirements with SNC’s mission, goals, and culture
* Strong communication skills, strong critical thinking and problem-solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and deal effectively with changing project priorities
* Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions
* High degree of attention to detail
* This position requires a current/active (in-scope) Top Secret U.S. Security Clearance with SCI eligibility. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-US citizens may not be eligible to obtain a security clearance. The Defense Industrial Security Clearance Office (DISCO), an agency of the Department of Defense, handles and adjudicates the security clearance process. Security clearance factors include, but are not limited to, allegiance to the US, foreign influence, foreign preference, criminal conduct, security violations and drug involvement.
* To conform to U.S. Government export regulations, applicant must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
Sierra Nevada Corporation is an Equal Opportunity Employer – Minority / Female / Disability / Veteran, or any other protected status pursuant to applicable local, state or federal law, ordinance or regulation.