Raytheon Intelligence, Information, and Services (IIS) is seeking a Cyber System Engineering Manager to join our team in support of the NORAD Cheyenne Mountain Complex/Integrated Tactical Warning, Attack & Assessment Support Contract (NISSC) and other legacy space, ITW/AA and mission support programs managed in the Colorado Springs region.
Want to join a company that Stands Out among their competitors? At Raytheon, We Stand Out for a lot of reasons – and our employees are behind every one of them. Click here to find out what they have to say about the work we do and who we do it: https://youtu.be/H4YKy1_MshM https://youtu.be/YNuZN0vyzHg
As Cyber System Engineering Manager, your duties include:
- Reports to the NISSC Program Protection lead and works with the Government Customer and internal team SMEs and stakeholders to assess, develop and implement NISSC Cyber Roadmap strategies, project recommendation priorities, ensure IA/Cyber compliance and devise and execute plans and courses of action necessary to ensure successful project preparation, execution and sustainment
- Leads cyber requirements analysis/systems security engineering efforts for various projects, providing direction, guidance and recommendations for rendering/implementation of security solutions and technologies based on Roadmap and other project priorities/schedule
- Collaborates with the various NISSC program and functionally matrixed engineering disciplines
- Documents vulnerability assessments/verification/scan and other IA compliance/V&V results, prepares security impact assessments and makes recommendations as appropriate
- Prepares plans, assesses known systems vulnerabilities, makes cyber roadmap recommendations and updates
- Verifies system hardening and patching activities, and maintains supporting documentation to ensure compliance with the most current applicable Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs) and related checklists
- Prepares documentation necessary to support Authorization & Approval (A&A) activities and ensure system Approval to Operate (ATO)
- Leads a team of ISSEs in the conduct of cybersecurity requirements analysis and assessment/validation to ensure appropriate implementation and compliance of the security posture through the system development lifecycle
- Supports the RMF AGILE Product Owner/A&A SMEs in gathering, mx and traceability of cybersecurity artifacts in eMASS, XACTA and/or the IDE as required
- Directs and develops system test/cybersecurity assessment plans, assessments and verification/validation of the proper implementation of security controls on networking devices, databases, operating systems, hardware and software components
- Provides systems security engineering support services to Delivery Orders (DOs) by assisting the development/validation of cybersecurity solutions and assessment of engineering designs and software code to ensure IA compliance and guard against cyber vulnerabilities in proposed solutions through techniques including Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and Open Web Application Security Project (OWASP). This direction, guidance and assessment is performed throughout the development effort
- Prepares reports for NISSC leadership and Government customers summarizing the vulnerabilities and types of vulnerabilities found in terms of STIG compliance and specific CWE, CVE, and OWASP identifiers found during each analysis as applicable
- Guides and assists with the testing of all software with a variety of simulated patterns of common attacks using security testing methodologies, including fuzz testing, vulnerability testing, penetration testing, and misuse and abuse testing throughout the development effort and preparing required documentation, to include reports for contract leadership and Government customers summarizing the patterns of attacks used, in terms of the Common Attack Pattern Enumeration and Classification (CAPEC) identifiers, during all phases of test activity/final delivery
- Identifies, responds to, and reports on IA/Cybersecurity Incidents IAW DoD 8500.2, DoDI O830.02, AFI 33-138, NISSC Program Policy and/or other governing directives, instruction and orders/cyber orders as appropriate
Must be a U.S. CITIZEN with an Active Top Secret (TS) security clearance
Required Experience, Knowledge, and/or Skills:
Desired Experience, Knowledge, and/or Skills:
- Bachelor's degree and at least 8 years of proven past performance and technical (hands-on) experience related to Information Assurance/Cyber Engineering requirements, determination, development, and implementation
- Must be a U.S. CITIZEN with an Active Top Secret (TS) security clearance
- Experience/proven performance leading the integration of security principles into all phases of acquisition, upgrade, and modification programs
- Previous experience with the review/assessment of contract Statements of Work, Statements of Objectives, and Contractor Data Requirement Lists
- Experience with/development of DoD Architecture Framework (DODAF) models, including operational views, systems views and data flows/information exchange matrices
- Proven ability to capture/justify supporting Basis of Estimates (BOEs)/manpower requirements and ensure the successful inclusion of cybersecurity principles, activities and necessary resources (personnel and tools) into project Delivery Orders
- Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGs) and USCYBERCOM.
- Experience with IA vulnerability testing and related network and system test tools; e.g., ACAS, Retina, Nmap, Nessus, Security Content Automation Protocol (SCAP)
- Experience with information security toolset including anti-virus, Vulnerability Assessment, HIDS/NIDS
- Familiarity with network and system security administration, including operating system security configuration and account management best practices for UNIX (HP-UX & Solaris), MS Windows, Red Hat Enterprise Linux, and Cisco systems
- Knowledge of various cyber security applications and toolsets, including anti-virus, HIDS, NIDS, HBSS, ACAS, SCC, etc.
- Must possess DoDI 8570.01-M IAT Level-III (CISSP) Compliant Certification with at least one supporting CE/OS certificate in UNIX, Linux and/or MS operating systems.
Required Education (including Major):
- Familiar with NIST Risk Management Framework as described in NIST Special Publication 800-37 and 800-53
- Familiar with Program Protection Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39
- Experience working U.S. Government contract proposals (ideally with AFLCMC) as an Information Assurance/Information Security Engineering subject matter expert
- ITIL v3 Information Technology Infrastructure Library Foundations or higher
Bachelor's degree in Science, Technology, Engineering or Mathematics and a minimum of 8 years of prior relevant experience, or a Master's degree in same and a minimum of 6 years of prior relevant experience.
Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allows us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges - from the cyber domain to automated operations, and from intelligent transportation solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated approximately $6 billion in 2016 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world - in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.