Cyber Security Systems Engineer
Velos
- Washington DC
- Permanent
- Full-time
- Understanding operational needs of systems at varied stages of the SDLC through participation in acquisition meetings (PMR, PDR, CDR, etc.) and concept of operation (CONOP) working groups.
- Designing and developing security requirements that drive down risk while maintaining operational capability.
- Working between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level.
- Guiding and verifying defense contractors' work against program requirements and goals. This includes participating in technical discussions, trade studies and working groups, and conducting research on industry best practices for potential implementation.
- Interfacing with program managers to explain security goals and mitigations relative to their priorities of cost and schedule.
- Select and tailor controls from the NIST SP 800-53 control catalog in view of system needs and constraints.
- Review system and network artifacts and conduct assessments against selected control baselines, assessing residual risk and providing recommendations to the Authorizing Official.
- Evaluate software and hardware prior to entry to networks.
- 5+ years' of related technical experience.
- Firm understanding of the DoD 8500.1-M, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53
- Demonstrated ability to assess and articulate risk, including to non-technical audiences.
- Demonstrated history finding unique mitigations to varied systems' security challenges.
- Demonstrated technical proficiency in at least one area of security (e.g. communications, networks, embedded systems, software, system testing or assessment, etc.).
- Strong research skills and a desire to learn new (emerging OR existing but unfamiliar) technologies.
- Strong communication skills, written and oral.
- Able to travel ~30% of time for program meetings.
- Experience with: Special Access Programs, acquisition programs, software engineering or code review
- Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, or related engineering discipline.
- IAM II (e.g. CISSP, CISM) DESIRED: Sub-field specific certifications. For example - cloud (e.g. CCSP, AWS Solutions Architect), offensive security (e.g. OSCP, GPEN), operating systems (Microsoft/Linux administration), etc.
- An active TS/SCI clearance is desired.
- U.S. Citizenship is required for this position.