Cyber Sys Security/DEVSECOPS Engineer - Level 5
The System Security Engineer candidate is responsible for ensuring that cyber security requirements are properly defined, decomposed, allocated, implemented, and assessed to produce a cyber-resilient security design solution for the target platform (Air System or Weapon System). This includes participating in working groups, design reviews, and formal artifact reviews alongside other Subject Matter Experts (SMEs) within the overall platform; and providing security expertise to ensure that cyber security is considered early in the product development lifecycle.
Applicant is expected to conduct a range of cyber risk analysis and security assessment methods; implement patches and Security Technical Implementation Guides (STIGs) to address cyber vulnerabilities, feature changes, or obsolescence; develop documentation for specific installations and configurations necessary to obtain Authorizations to Operation (ATOs) in support of program schedules; and contribute to and implement Plans of Actions and Milestones (POAMs) to mitigate open cyber risks.
The ideal candidate will communicate effectively with a range of audiences, technical and non-technical, and will function effectively on an engineering team to create a collaborative and inclusive environment that allows for the establishment of mission goals, itemized planning of tasks, and prioritization of tasks that drives the efficient execution of objectives.
Must be a US citizen. This position is located at a facility that requires special access.
Basic Qualifications:
Experience utilizing Joint Special Access Program (SAP) Implementation Guide (JSIG), Committee on National Security Systems Instruction (CNSSI) 1253, and NIST SP 800-37 Risk Management Framework (RMF) to design and harden information systems commensurate with customer needs
Experience executing Systems Engineering processes (requirements management, requirements decomposition, architecture & infrastructure design, integration & testing)
Experience with modern software methodologies or technologies including virtualization, cloud, container, CI/CD, agile or DevSecOps
Demonstrated broad background in information security tools, concepts and issues across a broad range of technologies including Network and Software Security, Network Penetration Testing, Web Application Penetration testing by related work experience
Familiarity with a variety of penetration testing tools and methodologies
Experience with Network and Application Layer Firewall Technology
Desired Skills:
Perform system certification and accreditation planning and testing and liaison activities and supports secure systems operations and maintenance
Experience with the development and sustainment of real-time tactical systems
Experience with secure software development concepts (e.g. static code analysis, dynamic code analysis, STIG/SRG hardening, etc.) as applied to high-level programming languages
Experience developing process improvements for security architecture representations (e.g. Accreditation Boundaries, Physical Diagrams, Logical Diagrams, Functional Diagrams, and Rack Layouts), system design modeling, as well as requirements management
Extensive experience developing and maintaining core security documentation artifacts for A&A Packages including Security Control Traceability Matrix (SCTM), System Security Plan (SSP) and/or Information Assurance Standard Operating Procedures (IA SOP), Plan of Action & Milestones (POA&M), and Risk Assessment Report (RAR)
Extensive knowledge of DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
Expertise/knowledge in both compliance testing and penetration testing methodologies.
Experience with Agile project management tools (JIRA, Confluence, etc.)
Experience with creating and presenting technical briefings to senior-level executives and customers
Demonstrated problem-solving and troubleshooting skills
Proficient technical writing skills
Strong analytical and organizational skills with excellent communication skills (written and verbal communications) and have the ability to work in a dynamic work environment
Experience with working in an aerospace design environment with exposure to DoD customers and their accrediting authorities.
Ability to travel as required
Experience with DevSecOps CI/CD Pipeline Instantiation (Gitlab, Containerization)
Experience with Zero Trust Cloud requirements, deployment and configuration
BASIC QUALIFICATIONS:
job.Qualifications
Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Join us at Lockheed Martin, where your mission is ours. Our customers tackle the hardest missions. Those that demand extraordinary amounts of courage, resilience and precision. They’re dangerous. Critical. Sometimes they even provide an opportunity to change the world and save lives. Those are the missions we care about.
As a leading technology innovation company, Lockheed Martin’s vast team works with partners around the world to bring proven performance to our customers’ toughest challenges. Lockheed Martin has employees based in many states throughout the U.S., and Internationally, with business locations in many nations and territories.
EXPERIENCE LEVEL:
Experienced Professional