Product Security Engineering

at Moseley Technical Services
Location Richardson, Texas
Date Posted July 31, 2022
Category Engineering
Job Type Not Specified

Description

Product Security Engineering

Job ID # 26

Contract Opportunity

Location: Richardson, TX

Industry: Aerospace & Defense

Minimum Clearance: Top Secret Clearance

Minimum Education: Associate's Degree

Minimum Experience: 6 Years

What You'll Do:

+ Lead the development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.

+ Lead the development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements.

+ Ensure security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support.

+ Lead the definition and identification of product security requirements for suppliers of components and subsystems for integration into complex Boeing products and services.

+ Lead coordination with governments, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.

+ Lead research and development activities resulting in innovative solutions.

+ Lead the advisement of customers on maintaining product security and certification, including security consequences of modifying products and services.

+ Lead the development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.

+ Lead the development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements.

+ Ensure security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support.

+ Lead the definition and identification of product security requirements for suppliers of components and subsystems for integration into complex Boeing products and services.

+ Lead coordination with governments, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.

+ Lead research and development activities resulting in innovative solutions.

+ Lead the advisement of customers on maintaining product security and certification, including security consequences of modifying products and services.

+ Analyze customer and regulatory information system security requirements and decompose them into system security design specifications.

+ Directly contact the customers and lead engineers to ensure that security requirements are crafted into the products and evaluated for efficiency.

+ Perform as the key system security focal throughout the phases of the DevSecOps framework.

+ Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.

+ Provide technical cyber security engineering guidance to IT Administrators, System Architects, Systems Engineers, and Software Developers.

+ Provide system security engineering guidance on the design and implementation of technical policies for user/computer groups and network devices.

+ Responsible for the design and implementation of security systems across the entire organization's networks, including IDS, firewalls, log capture, host based protections, vulnerability scanning tools, etc.

+ Conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks.

+ Assess networks/applications/systems and identify vulnerabilities, reporting results to ISSO/IT.

+ Provide ISSO and IT administrators with system security level expertise to assist with the gathering/securing of data to support incident investigation and response.

+ Assist ISSO in monitoring, interpreting, and reacting to security device outputs, create documentation in support of authorization/accreditation packages, and deploy security policies, standards, and guidance.

What You'll Need:

+ Top Secret Clearance

+ DoD 8570.01-M IAT Level III Certification (e.g. CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP); and IASAE Level II (e.g. CASP+ CE, CISSP (or Associate), CSSLP)

+ 3 or more years of experience with the implementation of security controls IAW DoD Risk Management Framework (RMF)

+ Experienced with evaluating and refining customer security requirements

+ 1 or more years of experience with common DoD vulnerability and compliance assessment tools (e.g. SCAP, STIGs, ACAS) and processes

+ Experienced capturing/detailing system security designs throughout the System Development Lifecycle (SDLC) process (e.g. System Diagrams, System Security Plans, Hardware Baselines, Software Baselines, Network Diagrams, Security Controls Traceability Matrices, Standard Operating Procedures, etc.)

+ Experienced in security control test plan development and execution

+ Ability to work independently, actively participate on integrated teams, and lead a task, project, or small team. Requires guidance and direction from more senior level technicians, specialists, and managers only when taking care of new, uncertain situations. Provides mentorship to lower level technicians and specialists.

+ Experienced working in a customer facing role implementing Information System Security Vulnerability Assessments, to include conducting customer out briefs and generating reports.

+ Experienced in working with multiple technologies; strong working knowledge of RHEL 7 and above, and/or CISCO IOS/NXOS, and/or Windows server 2016 SHB and above, and/or DoD Windows 10 SHB.

+ Experienced creating system security implementation solutions against customer requirements.

+ 3 or more years of experience with the implementation of security controls IAW DoD Risk Management Framework (RMF)

+ Preferred Qualifications/Desired Skills (Desired Skills/Experience):

+ Experienced with installation and configuration of McAfee ePO and DoD required endpoint products.

+ Experienced with installation and configuration of Splunk Enterprise; to include creation of Apps and Dashboards to audit analysis specifications.

+ Experienced in Group Policy Management and implementation.

+ Experienced in multiple scripting languages (e.g. PowerShell, Python, Bash, etc.)

+ Experienced with Agile development within a DevSecOps environment.

U.S. Citizenship is required by law, regulation, executive order, or government contract.

Education & Experience:

+ Associate's Degree combined with 6 + years of relevant work experience; or an equivalent combination of education and experience.

What to Expect:

+ Applicants selected for employment will be required to pass a pre-employment drug screening and background investigation which may include education, criminal and work history verifications.

+ Accepted applicants will have the opportunity to be eligible for benefits, including medical and supplemental insurance and a 401K. Appreciation and gratitude for employees is a hallmark of organizations with low turnover.

Moseley Technical Services, Inc. is an AA/EEO/Veterans/Disabled Employer.

Resources

For questions about benefits visit:

For more information about Moseley visit:

Posting Title (External): Product Security Engineering

Street: 3373 Breckinridge Blvd

Drop files here browse files ...