Sierra Nevada Corporation
Cybersecurity Engineer III
Sierra Nevada Corporation, Littleton, Colorado, United States, 80130
As a Cybersecurity Engineer III (CSE) at SNC, you will be at the forefront of safeguarding our systems throughout the acquisition lifecycle. You will play a critical role in ensuring the highest standards of cybersecurity and Information Assurance (IA) solutions for SNC and our valued customers. Your expertise will be pivotal in maintaining the confidentiality, integrity, and availability of our systems. By collaborating closely with system owners, administrators, engineers, and program managers, you will ensure that cybersecurity controls are effectively implemented and maintained throughout the system lifecycle. Join our dynamic and fast-paced environment, where your contributions will make a significant impact!
The ISR (Intelligence, Surveillance & Reconnaissance), Aviation, and Security (IAS) business area is a leader in ISR and aviation, it is a leading prime manned and unmanned aircraft systems integrator for innovative, high-performance ISR and aviation systems. Its end-to-end Command, Control, Computers, Communications and Intelligence, Surveillance & Reconnaissance (C4ISR) capabilities encompass design, integration, test, certification, ground/flight training and complete logistics support. IAS tailors solutions to customer cost, performance, and schedule requirements and designs to consistently exceed expectations – with an unrivaled record of on time and on (or under) budget deliveries. https://www.sncorp.com/company/business-areas/
Responsibilities:
Perform Cybersecurity Engineering and IA job functions: establish and validate system boundaries; ensure comprehensive documentation of information systems, functionalities, data governance, and adherence to compliance standards and processes; collaborate with cross-functional teams to validate security requirements
Develop and manage documentation in support of holistic security and compliance activities, including System Security Plans (SSPs), Plans of Action & Milestones (POA&M), software and hardware inventory, network diagrams, INFOSEC policies, and configuration management processes, ensuring audit readiness.
Provide input to CMMC documentation: Systems Security Plan (SSP), Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedure, Risk Assessment Report, and Configuration Management (system baselines, change management, documentation, etc.)
Integrate security requirements: ensure cybersecurity requirements are effectively incorporated into ITSM processes with continuous feedback loops for ongoing security enhancements.
Conduct security risk assessments: perform detailed risk assessments, including threat modeling and penetration testing, to identify vulnerabilities and tailor security controls to protect systems and information; stay updated with emerging threats and vulnerabilities to continuously enhance risk assessment practices.
Lead configuration management: advice and consult on cybersecurity best practices and requirements, providing expert guidance during system development and acquisition to ensure security compliance; utilize tools such as ServiceNow and CMDB for effective configuration management and conduct regular audits and compliance checks.
Coordinate compliance activities: conduct periodic and ad-hoc validation and security control assessments, ensuring ongoing compliance with NIST 800-171, corporate policies, program contracts, and all specific identified requirements.
Enhance technical cybersecurity/IA skills: maintain and continuously develop your technical skillset in cybersecurity and information assurance, focusing on areas such as IT enterprise environments, cloud security, incident response, and system architecture reviews.
Periodic travel to SNC, customer, and partner facilities to support program and business-wide activities.
Follow SNC policies, processes, and procedures for all technical activities.
Punctuality to work each day and prepared to work scheduled work hours.
Other duties as assigned.
Must Haves:
Bachelor's degree in Cybersecurity, Network Engineering, Information Technology, or related Engineering discipline and typically 6 or more years of relevant experience
Relevant experience may be considered in lieu of required education
DoDD 8140 IAT Level II *Required within 6 months of hire.
Strong communication skills; ability to translate complex cybersecurity information into quantifiable business risk and communicate risk effectively to business and executive leaership.
Cisco, Microsoft, Linux, Azure/Cloud or other technical certifications a plus
Knowledge of technical standards relating to systems security; UNIX, Linux, and Windows administration, experience with large-scale servers and large-scale enterprise IT environments, virtualization and containerization, cloud computing (Azure preferred), secure network architecture, cybersecurity stack experience (web filtering, SSL inspection, DLP, antivirus, firewalls, PCAP, SIEM, etc.)
Solid understanding of at least one security framework (preferably NIST 800-171), NIST 800-53 second preferred
Ability to balance cybersecurity requirements with SNC’s mission, goals, and culture
Strong critical thinking and problem solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and flexibility through learning and adaptation.
Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions
High degree of attention to detail
The ability to obtain and maintain a Secret U.S. Security Clearance is required
Preferred:
CISSP, CISM, Security+, CISA, CASP+, or other relevant security certification
MCSE, Linux, and/or CCNP security certification
Azure cloud certifications, or other relevant cloud certification
Other relevant IT and/or technology certification
Proven track record of maintaining the confidentiality of high-sensitivity projects and data.
Ability to perform critical-incident response
Knowledge of DoD, government contracting and/or public auditing policies, standards, and procedures
Ability to read and interpret security and technical documentation
#Ll-hybrid
Estimated Starting Salary Range: $124,771.42 - $171,560.71. SNC considers several factors when extending job offers, including but not limited to candidates’ key skills, relevant work experience, and education/training/certifications.
SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more (https://www.sncorp.com/careers/total-rewards/) .
IMPORTANT NOTICE:
This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.
Learn more about the background check process for Security Clearances. (https://www.dcsa.mil/About/)
SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We’re known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation’s most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team!
As an Equal Opportunity Employer, we welcome our employees to bring their whole selves to their work. SNC is committed to fostering an inclusive, accepting, and diverse environment free of discrimination. Employment decisions are made without regarding to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or other characteristics protected by law. Contributions to SNC come in many shapes and styles, and we believe diversity in our workforce fosters new and greater ways to dream, innovate, and inspire.
The ISR (Intelligence, Surveillance & Reconnaissance), Aviation, and Security (IAS) business area is a leader in ISR and aviation, it is a leading prime manned and unmanned aircraft systems integrator for innovative, high-performance ISR and aviation systems. Its end-to-end Command, Control, Computers, Communications and Intelligence, Surveillance & Reconnaissance (C4ISR) capabilities encompass design, integration, test, certification, ground/flight training and complete logistics support. IAS tailors solutions to customer cost, performance, and schedule requirements and designs to consistently exceed expectations – with an unrivaled record of on time and on (or under) budget deliveries. https://www.sncorp.com/company/business-areas/
Responsibilities:
Perform Cybersecurity Engineering and IA job functions: establish and validate system boundaries; ensure comprehensive documentation of information systems, functionalities, data governance, and adherence to compliance standards and processes; collaborate with cross-functional teams to validate security requirements
Develop and manage documentation in support of holistic security and compliance activities, including System Security Plans (SSPs), Plans of Action & Milestones (POA&M), software and hardware inventory, network diagrams, INFOSEC policies, and configuration management processes, ensuring audit readiness.
Provide input to CMMC documentation: Systems Security Plan (SSP), Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedure, Risk Assessment Report, and Configuration Management (system baselines, change management, documentation, etc.)
Integrate security requirements: ensure cybersecurity requirements are effectively incorporated into ITSM processes with continuous feedback loops for ongoing security enhancements.
Conduct security risk assessments: perform detailed risk assessments, including threat modeling and penetration testing, to identify vulnerabilities and tailor security controls to protect systems and information; stay updated with emerging threats and vulnerabilities to continuously enhance risk assessment practices.
Lead configuration management: advice and consult on cybersecurity best practices and requirements, providing expert guidance during system development and acquisition to ensure security compliance; utilize tools such as ServiceNow and CMDB for effective configuration management and conduct regular audits and compliance checks.
Coordinate compliance activities: conduct periodic and ad-hoc validation and security control assessments, ensuring ongoing compliance with NIST 800-171, corporate policies, program contracts, and all specific identified requirements.
Enhance technical cybersecurity/IA skills: maintain and continuously develop your technical skillset in cybersecurity and information assurance, focusing on areas such as IT enterprise environments, cloud security, incident response, and system architecture reviews.
Periodic travel to SNC, customer, and partner facilities to support program and business-wide activities.
Follow SNC policies, processes, and procedures for all technical activities.
Punctuality to work each day and prepared to work scheduled work hours.
Other duties as assigned.
Must Haves:
Bachelor's degree in Cybersecurity, Network Engineering, Information Technology, or related Engineering discipline and typically 6 or more years of relevant experience
Relevant experience may be considered in lieu of required education
DoDD 8140 IAT Level II *Required within 6 months of hire.
Strong communication skills; ability to translate complex cybersecurity information into quantifiable business risk and communicate risk effectively to business and executive leaership.
Cisco, Microsoft, Linux, Azure/Cloud or other technical certifications a plus
Knowledge of technical standards relating to systems security; UNIX, Linux, and Windows administration, experience with large-scale servers and large-scale enterprise IT environments, virtualization and containerization, cloud computing (Azure preferred), secure network architecture, cybersecurity stack experience (web filtering, SSL inspection, DLP, antivirus, firewalls, PCAP, SIEM, etc.)
Solid understanding of at least one security framework (preferably NIST 800-171), NIST 800-53 second preferred
Ability to balance cybersecurity requirements with SNC’s mission, goals, and culture
Strong critical thinking and problem solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and flexibility through learning and adaptation.
Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions
High degree of attention to detail
The ability to obtain and maintain a Secret U.S. Security Clearance is required
Preferred:
CISSP, CISM, Security+, CISA, CASP+, or other relevant security certification
MCSE, Linux, and/or CCNP security certification
Azure cloud certifications, or other relevant cloud certification
Other relevant IT and/or technology certification
Proven track record of maintaining the confidentiality of high-sensitivity projects and data.
Ability to perform critical-incident response
Knowledge of DoD, government contracting and/or public auditing policies, standards, and procedures
Ability to read and interpret security and technical documentation
#Ll-hybrid
Estimated Starting Salary Range: $124,771.42 - $171,560.71. SNC considers several factors when extending job offers, including but not limited to candidates’ key skills, relevant work experience, and education/training/certifications.
SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more (https://www.sncorp.com/careers/total-rewards/) .
IMPORTANT NOTICE:
This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.
Learn more about the background check process for Security Clearances. (https://www.dcsa.mil/About/)
SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We’re known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation’s most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team!
As an Equal Opportunity Employer, we welcome our employees to bring their whole selves to their work. SNC is committed to fostering an inclusive, accepting, and diverse environment free of discrimination. Employment decisions are made without regarding to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or other characteristics protected by law. Contributions to SNC come in many shapes and styles, and we believe diversity in our workforce fosters new and greater ways to dream, innovate, and inspire.