The Cybersecurity Engineer is responsible for the integration of cybersecurity requirements into the full system lifecycle of products. The candidate shall be experienced in developing Risk Management Framework (RMF) artifacts and shall understand system categorization and deduce NIST, DoD, CNSSI and NSTSSM regulations into product cybersecurity requirements. The candidate shall provide guidance for NIST 800-53 and CNSSI 1253 security controls, security hardening of products, derive and manage security requirements, risk management, technical planning, threat and vulnerability assessments, systems level design, systems integration, verification and validation including security testing and evaluation, and supportability and effectiveness analyses for the total systems.

Responsibilities:

• Be a part of a program cybersecurity risk mitigation effort using the Risk Management Framework (RMF)
• Evaluates new and existing embedded systems and architects the software, firmware, and hardware requirements from a system engineering perspective
• Participates in development efforts to ensure cybersecurity controls are integrated to meet platform security posture and the Department of Defense (DoD) Authorizing Officials program requirements
• Participates in the formal Security Test and Evaluation process required by each government acceptance and approval authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports
• Performs product security reviews with the ability to communicate issues and risks in business terms and make recommendations that balance risk/reward tradeoffs
• Recommends embedded cybersecurity defense and countermeasures for avionics product designs
• Researches, evaluates, and assesses emerging embedded cyber security threats and technologies
• Evaluates and tests new cybersecurity tools and capabilities
• Analyzes static and dynamic source code scans to achieve Software Assurance (SwA) goals
• Suggests and implements new tools and efficiency improvements for development of secure software

Experience / Skills needed:

• Experience with the Risk Management Framework (RMF)
• Strong knowledge of embedded system security architectures and engineering approaches to building system security solutions
• Full system engineering lifecycle experience, requirements analysis and mapping, testing, implementation, and validation.
• Experience with Department of Defense, Government Certification and Authorizing Officials or federal customer base will be a definite advantage
• A technical background in guiding policy makers and interpreting existing policy in accordance with Department of Defense (DoD) objectives is preferred.