This position is for a Cyber Engineering Manager to support the NORAD Cheyenne Mountain Complex/Integrated Tactical Warning, Attack & Assessment Support Contract (NISSC) and other legacy space, ITW/AA and mission support programs managed and administered in the Colorado Springs region.
- Works with the NISSC PMO/Government Customer and Raytheon Team internal SMEs and stakeholders to assess, develop and implement Cyber Roadmap strategies, project recommendation priorities, and devise and execute plans and courses of action (to include SCFs and 1067s) necessary to ensure successful project preparation, execution and sustainment
- Leads cyber requirements analysis for various projects, providing direction, guidance and recommendations for rendering/implementation of security solutions and technologies based on Roadmap priorities/schedule
- Collaborate with the various NISSC program and functionally matrixed engineering disciplines
- Documents vulnerability assessment/verification/scan and other IA compliance/V&V results and makes recommendations as appropriate
- Prepares plans to assessing known systems vulnerabilities and verify system hardening and patching activities, and maintains supporting documentation to ensure compliance with the most current applicable Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs) and related checklists
- Prepares documentation (artifacts and bodies of evidence) to support Authorization & Approval (A&A) activities necessary to ensure system sustained Approval to Operate (ATO)
- Supports A&A SMEs in the gathering, mx and traceability of cybersecurity artifacts/bodies of evidence in eMASS and/or the IDE
- Leads a team of ISSEs in the conduct of cybersecurity requirements analysis and assessment/validation to ensure appropriate implementation and compliance of the security posture through the system development lifecycle
- Assists with the development and documentation of system security test plans, assessments and verification/validation of the proper implementation of security controls on networking devices, databases, operating systems, hardware and software components, to include providing systems security engineering support services to Delivery Orders (DOs) by assisting with the assessment of code against the Common Weakness Enumeration (CWE), Common Vulnerability and Exposure (CVE), and Open Web Application Security Project (OWASP) throughout the development effort and preparing associated reports for contract leadership and Government customers summarizing the vulnerabilities and types of vulnerabilities found in terms of the specific CWE, CVE, and (OWASP) identifiers found during each analysis
- Assists with the testing of all software with a variety of simulated patterns of common attacks using security testing methodologies, including fuzz testing, vulnerability testing, penetration testing, and misuse and abuse testing throughout the development effort and preparing required documentation, to include reports for contract leadership and Government customers summarizing the patterns of attacks used, in terms of the Common Attack Pattern Enumeration and Classification (CAPEC) identifiers, during each test activity and for the tests of the final delivery
- Identifies, responds to, and reports on Information Assurance/Cybersecurity Incidents IAW DoD 8500.2, DoDI O830.02, AFI 33-138, NISSC Program Policy and/or other governing directives, instruction and orders/cyber orders as appropriate
Must be a U.S. CITIZEN with an Active Secret Clearance with the ability to obtain a Top Secret (TS) security clearance
• 7 years of proven past performance and technical (hands-on) experience related to Information Assurance/Cyber Engineering requirements, determination, development, and implementation
• 6+ years of experience/proven performance leading the integration of security principles into all phases of acquisition, upgrade, and modification programs
• Previous experience with the review/assessment of contract Statements of Work, Statements of Objectives, and Contractor Data Requirement Lists
• 6+ years of experience with/development of DoD Architecture Framework (DODAF) models, including operational views, systems views and data flows/information exchange matrices
• Previous experience with the development of scripts to support enterprise search activities and/or implementation of efficiencies in vulnerability mitigation on operational systems
• Proven ability to capture/justify supporting Basis of Estimates (BOEs)/manpower requirements and ensure the successful inclusion of cybersecurity principles, activities and necessary resources (personnel and tools) into project Delivery Orders
• Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGs) and USCYBERCOM.
• Experience with IA vulnerability testing and related network and system test tools; e.g., ACAS, Retina, NMap, Nessus, Security Content Automation Protocol (SCAP)
• Understanding of Systems Engineering requirements, specifications, and Experience implementing DoD and Federal IA Certification and Accreditation Processes, assessing and validating compliance with IA controls and developing and maintaining associated certification and accreditation documentation
• Experience with information security toolset including anti-virus, Vulnerability Assessment, HIDS/ NIDS
• Experience with network and system security administration, including operating system security configuration and account management best practices for UNIX (HP-UX & Solaris), MS Windows, Red Hat Enterprise Linux, and CISCO system
• Knowledge of various cyber security applications and toolsets, including anti-virus, HIDS, NIDS, HBSS, ACAS, SCC, etc.
• Ability to organize, multi-task and prioritize tasks in a fast paced, deadline driven environment
• Must possess DoDI 8570.01-M IAT Level-III (CISSP) Compliant Certification with at least one supporting CE/OS certificate in UNIX, Linux and/or MS operating systems.
• Familiar with NIST Risk Management Framework as described in NIST Special Publication 800-37 and 800-53
• Familiar with Program Protection Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39
• Experience working U.S. Government contract proposals (ideally with AFLCMC) as an Information Assurance/ Information Security Engineering subject matter expert
• ITIL v3 Information Technology Infrastructure Library Foundations or higher
• An active Top Secret (TS) clearance
Required Education (including Major):
Bachelor's degree in Science, Technology, Engineering or Mathematics and a minimum of 8 years of prior relevant experience, or a Master's degree in same and a minimum of 6 years of prior relevant experience; or applicable years of experience considered in lieu of a degree.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Integration and Test Engineering, Systems Engineering, Cyber, Technical, Computer Engineering, Engineering, All, Test Engineering, Warfighter Support Services
Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allow us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated approximately $6 billion in 2016 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.JBRaytheon ICJBMeta // SKCYB85