Senior Scientist, Information Security Systems Engineer
Company: L3Harris Technologies
Location: Provo
Posted on: November 12, 2024
Job Description:
-Job Title: Senior Scientist, Information Security Systems
Engineering -Job Location: - Salt Lake City-UTJob Code: - -15721Job
Schedule: -9/80, every other Friday off - -Position Overview:This
Subject Matter Expert will apply current systems security
engineering methods, practices and technologies to the
architecture, design, development, evaluation and integration of
systems and networks to maintain system security and execute system
CONOPS. The Lead will work closely with Government customers and
program stakeholders to ensure that the security protection needs,
concerns and requirements are defined and implemented with
appropriate fidelity and rigor, early and in a sustainable manner
throughout the life cycle of system that will allow for the
security authorization of the system of interest. -Job
-Description:
- Works with systems developers or commercial product vendors in
the design and evaluation of state-of-the-art secure systems,
networks, and database products.
- Uses methods such as encryption technology, vulnerability
analysis and security management.
- Responsible for integration of multiple methods into a cohesive
system security perimeter and environment and the policies and
procedures necessary to monitor and maintain such an environment.
Prepares Assessment and Authorization documentation using multiple
standards under RMF and derivative processes (DOD 8510.01M, JSIG,
ICD-503, CNSSI 1253), to achieve security authorization of
supported systems.
- Represents program security needs, concerns, and requirements
at customer meetings.
- Leads and contribute to all Product or Network Information
Security Engineering activities pertaining to CDRLs, trade studies,
security requirements analysis, secure architecture development,
management & compliance with security controls, design review
milestones (SRR, SDR, PDR, CDR) and security test/verification
activities
- Performs system CONOP analysis and development
- Contributes to all Product and/or Security Engineering
activities pertaining to CDRLs, trade studies, security
requirements analysis, secure architecture development, management
& compliance with security controls, design review milestones (SRR,
SDR, PDR, CDR) and security test/verification activities
- Perform functional analysis, timeline analysis, detailed trade
studies, requirements derivation and allocation, and interface
definition studies to translate customer Information Security
requirements into hardware and software specifications
- Provide Cyber technical leadership for development teams
building new multi-discipline (mechanical, electrical, software,
hardware etc.) products
- Provide Cyber technical leadership to development teams at
internal and external gate reviews such as technical baseline
reviews and design reviews
- Identify security risks, threats and vulnerabilities of
networks, systems, applications, and new technology initiatives
(hardware, software, cross-domain solutions, cryptographic devices,
firewalls, intrusion detection systems, anti-virus systems and
software deployment tools)
- Ensure RMF Information Security requirements and Program
Protection requirements are addressed in all phases of the System
Development Lifecycle (SDLC)
- Conduct security architecture analysis to evaluate and mitigate
risks -
- Provides leadership and technical guidance for the NSA
Certification of Cryptographic Communication Security Modules.
- DoD 8570.01-M IASAE Level 3 certification (e.g. CISSP, ISSEP,
ISSAP)
- Active Top Secret -Required -Qualifications:
- Bachelor's Degree with a minimum of 15 years of prior related
experience. Graduate Degree with a minimum of 13 years of prior
related experience. In lieu of a degree, minimum of 19 years of
prior related experience. -Preferred Qualifications: -
- Active Top Secret/SCI Security Clearance preferred
- Minimum of 7 years of experience with vulnerability research
and analysis of computer hardware, appliances, and/or embedded
systems
- Minimum of 7 years of experience with Risk Management Framework
(RMF) accreditation and authorization (A&A) processes to
include RMF steps 1-4 (categorization, controls selection, control
implementation, security assessment) and standard body of evidence
(BoE) package development
- Minimum of -2 years of experience in writing and managing RMF
body of evidence documents (e.g., System Security Plan (SSP),
Security Compliance Traceability Matrix (SCTM), Certified Test Plan
(CTP), Risk Assessment Report (RAR), Continuous Monitoring (ConMon)
Plan, Plans of Action and Milestones (POA&M), and Security
Assessment Plans and Procedures (SAPP)
- Minimum 2 years of experience with system testing and
evaluation methods and RMF assessment methodology & processes
- Minimum of 10 years of experience with IC and DoD Cyber
organizations, including structure, engagement, customer
relationship management, and Business Development
- Minimum of 5 years of experience with DCO and OCO Cyber Effects
Operations (CEO)
- Minimum of 5 years of experience leading technical teams,
decomposing requirements, solution development, implementation, and
testing/qualification across a portfolio
- Minimum of -5 years of experience with computer hardware
architecture, components, and protocols
- Minimum of 3 years of experience with Modular Open Systems
Approach (MOSA) standards
- Experience in validating the NSA Crypto Modernization
- Experience developing security overlays, data flow diagrams,
internal requirements, CONOPs and interface control documents from
customer and/or product requirements
- Experience with administration and securing Linux
(RHEL/CentOS), Microsoft products including Windows Server 2016+,
Windows 10, Microsoft System Center Configuration Manager, and
WSUS
- Experience in configuration and use of cyber defense and
vulnerability assessment tools such as ACAS/Nessus, Rapid7 Nexpose,
etc
- Experience with architectures integrating VLANs, VRF, virtual
switching, multi-layer switching, Multi-layer Firewalls, ACLs,
secure configuration, VPN (IPSEC)
- Foundational knowledge of Layer 3 architecture and diagramming
within Visio or other commercial products
- Understanding of routing and switching as employed in
telecommunications and network traffic
- General knowledge of common threats to information systems and
how compromise would damage system integrity
- Exposure to model-based systems engineering (MBSE) tool suites
(e.g., Cameo) and associated processes
- Experience with application of STIGs, CIS Benchmarks, and/or
SCAP and developing associated POAMs
- Working knowledge of embedded systems, appliances, FPGA,
single-board computers, chipsets, and microprocessors
- Engineering experience in non-traditional national security
missions#LI-
Keywords: L3Harris Technologies, West Valley City , Senior Scientist, Information Security Systems Engineer, IT / Software / Systems , Provo, Utah
Didn't find what you're looking for? Search again!
Loading more jobs...