L3Harris is dedicated to recruiting and developing diverse, high-performing talent who are passionate about what they do. Our employees are unified in a shared dedication to our customers’ mission and quest for professional growth. L3Harris provides an inclusive, engaging environment designed to empower employees and promote work-life success. Fundamental to our culture is an unwavering focus on values, dedication to our communities, and commitment to excellence in everything we do.
L3Harris Technologies is the Trusted Disruptor in the defense industry. With customers’ mission-critical needs always in mind, our employees deliver end-to-end technology solutions connecting the space, air, land, sea and cyber domains in the interest of national security.
Job Title: Lead, Information Security Systems Engineering - NGJ
Job Location: Salt Lake City-UT
Job Code: 19171
Job Schedule: 9/80, every other Friday off
Position Overview:
This Subject Matter Expert will apply current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security and execute system CONOPS. The Lead will work closely with Government customers and program stakeholders to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest.
Job Description:
Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products.Uses methods such as encryption technology, vulnerability analysis and security management.Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Prepares Assessment and Authorization documentation using multiple standards under RMF and derivative processes (DOD 8510.01M, JSIG, ICD-503, CNSSI 1253), to achieve security authorization of supported systems.Represents program security needs, concerns, and requirements at customer meetings.Leads and contribute to all Product or Network Information Security Engineering activities pertaining to CDRLs, trade studies, security requirements analysis, secure architecture development, management & compliance with security controls, design review milestones (SRR, SDR, PDR, CDR) and security test/verification activitiesPerforms system CONOP analysis and developmentContributes to all Product and/or Security Engineering activities pertaining to CDRLs, trade studies, security requirements analysis, secure architecture development, management & compliance with security controls, design review milestones (SRR, SDR, PDR, CDR) and security test/verification activitiesPerform functional analysis, timeline analysis, detailed trade studies, requirements derivation and allocation, and interface definition studies to translate customer Information Security requirements into hardware and software specificationsProvide Cyber technical leadership for development teams building new multi-discipline (mechanical, electrical, software, hardware etc.) productsProvide Cyber technical leadership to development teams at internal and external gate reviews such as technical baseline reviews and design reviewsIdentify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives (hardware, software, cross-domain solutions, cryptographic devices, firewalls, intrusion detection systems, anti-virus systems and software deployment tools)Ensure RMF Information Security requirements and Program Protection requirements are addressed in all phases of the System Development Lifecycle (SDLC)Conduct security architecture analysis to evaluate and mitigate risks DoD 8570.01-M IASAE Level 3 certification (e.g. CISSP, ISSEP, ISSAP)Active Top SecretRequired Qualifications:
Bachelor’s Degree with a minimum of 9 years of prior related experience. Graduate Degree with a minimum of 7 years of prior related experience. In lieu of a degree, minimum of 13 years of prior related experience.Preferred Qualifications:
Active Top Secret/SCI Security Clearance preferredMinimum of 7 years of experience with vulnerability research and analysis of computer hardware, appliances, and/or embedded systemsMinimum of 7 years of experience with Risk Management Framework (RMF) accreditation and authorization (A&A) processes to include RMF steps 1-4 (categorization, controls selection, control implementation, security assessment) and standard body of evidence (BoE) package developmentMinimum of 2 years of experience in writing and managing RMF body of evidence documents (e.g., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Certified Test Plan (CTP), Risk Assessment Report (RAR), Continuous Monitoring (ConMon) Plan, Plans of Action and Milestones (POA&M), and Security Assessment Plans and Procedures (SAPP)Minimum 2 years of experience with system testing and evaluation methods and RMF assessment methodology & processesMinimum of 10 years of experience with IC and DoD Cyber organizations, including structure, engagement, customer relationship management, and Business DevelopmentMinimum of 5 years of experience with DCO and OCO Cyber Effects Operations (CEO)Minimum of 5 years of experience leading technical teams, decomposing requirements, solution development, implementation, and testing/qualification across a portfolioMinimum of 5 years of experience with computer hardware architecture, components, and protocolsMinimum of 3 years of experience with Modular Open Systems Approach (MOSA) standardsExperience in validating the NSA Crypto ModernizationExperience developing security overlays, data flow diagrams, internal requirements, CONOPs and interface control documents from customer and/or product requirementsExperience with administration and securing Linux (RHEL/CentOS), Microsoft products including Windows Server 2016+, Windows 10, Microsoft System Center Configuration Manager, and WSUSExperience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS/Nessus, Rapid7 Nexpose, etcExperience with architectures integrating VLANs, VRF, virtual switching, multi-layer switching, Multi-layer Firewalls, ACLs, secure configuration, VPN (IPSEC)Foundational knowledge of Layer 3 architecture and diagramming within Visio or other commercial productsUnderstanding of routing and switching as employed in telecommunications and network trafficGeneral knowledge of common threats to information systems and how compromise would damage system integrityExposure to model-based systems engineering (MBSE) tool suites (e.g., Cameo) and associated processesExperience with application of STIGs, CIS Benchmarks, and/or SCAP and developing associated POAMsWorking knowledge of embedded systems, appliances, FPGA, single-board computers, chipsets, and microprocessorsEngineering experience in non-traditional national security missions#LI-CJ1
Please be aware many of our positions require the ability to obtain a security clearance. Security clearances may only be granted to U.S. citizens. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information.
By submitting your résumé for this position, you understand and agree that L3Harris Technologies may share your résumé, as well as any other related personal information or documentation you provide, with its subsidiaries and affiliated companies for the purpose of considering you for other available positions.
L3Harris Technologies is proud to be an Affirmative Action/Equal Opportunity Employer. L3Harris is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state or local laws. L3Harris maintains a drug-free workplace and performs pre-employment substance abuse testing and background checks, where permitted by law.
L3Harris Technologies is an E-Verify Employer. Please click here for the E-Verify Poster in English or Spanish. For information regarding your Right To Work, please click here for English or Spanish.