Cyber Systems Engineer (level 3 or 4)

Northrop Grumman Northrop Grumman · Aerospace · Dulles, VA +1 · Cyber

Cyber Systems Security Engineer for satellite systems, focusing on RMF, CyberSecurity, CyberResilience, and CyberSurvivability requirements. Responsibilities include system security engineering, attack surface analysis, implementing COTS security products, and ensuring secure deployment of software. Requires experience with security tools and potentially real-time operating systems.

What you'd actually do

  1. Work as part of an integrated product team (IPT) to architect, implement, and satisfy Risk Management Framework (RMF) CyberSecurity, CyberResilience, and/or CyberSurvivability requirements of satellite systems, communications links, and ground command & control (C2) systems. You will engage with multiple engineering disciplines and contribute to the secure design of complex systems
  2. System Security Engineering Requirements management in support of program protection (PP) requirements, work with systems engineers to decompose system-level security controls into technical performance requirements across the segments and down to specific components, across disciplines Anti-Tamper, TEMPEST, Cybersecurity (RMF), and cryptographic component integration/development. You will ensure that Cyber requirements are included in the formal requirements tracking process and is Cyber/SSE contributor for a segment or subsystem
  3. Perform Attack Surface Analysis (ASA) and prepare Systems Security Plan (SSP) documentation for complex space systems, including Risk Assessment Reports (RAR), Security Control Traceability Matrices (SCTM), Security Assessment Procedures, and POA&Ms
  4. Implement and maintain COTS security products (firewalls, anti-virus, two-factor authentication, SIEM tools, etc. within terrestrial systems
  5. For space segments, you will support design and implementation of space vehicle hardening, for embedded processors and flight software. Experience with real-time operating systems, secure coding best practices, or other mission critical operational systems is required

Skills

Required

  • Risk Management Framework (RMF)
  • CyberSecurity
  • CyberResilience
  • CyberSurvivability
  • satellite systems
  • communications links
  • ground command & control (C2) systems
  • program protection (PP)
  • Anti-Tamper
  • TEMPEST
  • cryptographic component integration/development
  • Attack Surface Analysis (ASA)
  • Systems Security Plan (SSP)
  • Risk Assessment Reports (RAR)
  • Security Control Traceability Matrices (SCTM)
  • Security Assessment Procedures
  • POA&Ms
  • COTS security products
  • firewalls
  • anti-virus
  • two-factor authentication
  • SIEM tools
  • space vehicle hardening
  • embedded processors
  • flight software
  • real-time operating systems
  • secure coding best practices
  • mission critical operational systems
  • Commercial, Federal Civilian agency, Department of Defense (DoD), Intelligence Community, and/or Special Access Program, Cyber/SSE security controls
  • Agile engineering environment
  • Static Code Analysis (SCA)
  • systems engineering
  • assembly
  • integration
  • test activities
  • Cross Domain Solutions
  • cryptographic devices
  • controlled interfaces
  • Mission Unique Software (MUS)
  • computing clouds
  • highly virtualized environments
  • Certification To Field (CTF)
  • Cyber Test & Evaluation
  • system vulnerability scanning
  • remediation
  • patch management
  • Windows operating systems
  • Red Hat operating systems
  • COTS/GOTS applications
  • Standard Operating Procedures (SOPs)
  • software patch installation
  • flaw remediation
  • antivirus updates
  • continuous monitoring (ConMon)
  • security policies and procedures
  • system security authorization package
  • DISA Host Based Security System (HBSS)
  • Endpoint Security Suite (ESS)

What the JD emphasized

  • Cybersecurity
  • RMF
  • CyberSurvivability
  • secure design
  • program protection
  • Cyber requirements
  • security controls
  • secure coding best practices
  • security policies