Experience Inc. Jobs

Job Information

L3Harris Scientist, Information Security System Engineering in Chantilly, Virginia


Job Title: Scientist, Information Security System Engineering

Job Code: SAS20210607-64156

Job Location: Chantilly, VA

Job Description:

Leads the development and architecture of systems security engineering methods, practices, and technologies. Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Has thorough knowledge of and experience with methods such as encryption technology, vulnerability analysis and security management. Responsible for the design of system security architecture, the integration of multiple methods into a cohesive system security perimeter and environment, and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards such as NIST 800-37, CNSSI 1253, DOD 8510, ICD-503, to achieve security authorization of supported systems. Represents program security needs, concerns and requirements at customer meetings.

Specific to this position, the successful candidate will act as the lead ISSE for developing a new mission system from conceptual design to operations, and drive the security architecture implementation to meet RMF compliance.

Essential Functions:

  • Design and architect system security according to the latest methods, practices and technologies

  • Develop integrated security (DevSecOps) approaches and identify opportunities and create long-term plans for continuous authority to operate/continuous risk management framework (cATO/cRMF) approaches

  • Provide leadership and technical execution support of information security activities associated with the authorization and accreditation (A&A) of information systems and data using NIST Risk Management Framework (RMF) (and derivative) processes, to include processes to achieve a continuous authorization to operate (cATO)

  • Support security engineering activities, including basis of estimate development, requirements development, design, test, configuration management and maintenance of information systems and data

  • Assist program security in the development of, policies and procedures for, emerging security technologies and proposals

  • Support security certification and vulnerability assessment activities as required

  • Support the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects

  • Support information assurance data collection and continuous monitoring activities for assigned information systems

  • Experience in writing and managing RMF body of evidence documents (e.g., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Risk Assessment Report (RAR), Continuous Monitoring (ConMon) Plan, and Security Assessment Plans and Procedures (SAPP))

  • Experience in securing operating systems (primarily Windows and Cisco IOS, some Linux.)

  • Experience with application of Secure Template Implementation Guides (STIGs)

  • Experience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC

  • Experience with Continuous Integration/Continuous Deployment (CI/CD), agile system development, and DevSecOps tools and processes

  • Experience in accrediting cross-domain, Multi-Level Security, and PL3+ systems

  • Self-motivation, able to work well independently and within inter-disciplinary engineering teams

  • Strong written and oral communication skills

  • Principles of data flows (e.g., TCP/IP, OSI model)

  • Travel up to 20% CONUS

  • Work will be performed onsite

    Qualifications: (refer to http://my.harris.com/careerframework)

  • Education:Top Secret//SCI Security clearance required

  • Bachelor’s Degree and/or minimum 12 years of prior relevant experience, or

  • Graduate Degree and/or a minimum of 10 years of prior related experience

  • DOD 8570.01M IASAE 2 certification

    Preferred Additional Skills:

  • Experience in the content development and administration of SEIM/audit reduction tools (e.g., Splunk)

  • Top Secret//SCI w/CI Poly is desirable

  • Experience in Air/Space Command and Control (C2)

  • DOD 8570.01M IASAE 3 certification is desired

  • Strong understanding of engineering processes, concepts and information security systems engineering principles (NIST SP 800-160 Vol1)

  • System test and evaluation methods and RMF assessment methodology & process

  • Experience in Model-Based Systems Engineering (MBSE)

  • Experience in Cyber Defense technologies

  • Understanding of system vulnerabilities and exploitation

L3Harris Technologies is proud to be an Affirmative Action/Equal Opportunity Employer. L3Harris is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state or local laws. L3Harris maintains a drug-free workplace and performs pre-employment substance abuse testing and background checks, where permitted by law.