System Cybersecurity Engineer

Colorado Springs, CO, United States

System Cybersecurity Engineer

System Cybersecurity Engineer, Senior

Petersen Space Force Base

Colorado Springs, Colorado

HX5 is an award-winning provider of engineering, research and development, and technical services to clients such as NASA and the Department of Defense. Founded in 2004, HX5 is a fast-growing veteran- and woman-owned company with locations nationwide.

HX5 is recruiting for a System Cybersecurity to join the team, supporting the Legacy Space Program Office.

Essential Duties and Responsibilities:

Involved in managing and assisting with the full integration of cybersecurity into all phases of acquisition, upgrade, and modification programs, including design, development, testing, fielding, operation, sustainment, and assessment of Risk Management Framework (RMF) compliance.

The cybersecurity support encompasses cybersecurity processes, procedures, and functions to include reviewing data, and assessing compliance of the cybersecurity posture for systems.

Provide cybersecurity A&A support services, assist the Government in preparing system cybersecurity documentation related to operations and reviews cybersecurity documentation to ensure satisfaction of Security Engineering and Assessment requirements (system control identification).

Includes reviewing implementation and validation plans, assist with the entry and review of entered information to the Information Technology Investment Portfolio System (ITIPS), assist with the preparation and review of Federal Information Security Management Act (FISMA) documentation, and assess system compliance and enter data into Enterprise Mission Assurance Support Service (eMASS).

Direct support of the primary mission of NCMC-ITW/AA which is to networks and associated components through an enterprise-wide set of integrated mission capabilities, support services, and data products that provide military authorities with accurate, timely, unambiguous and continuous warning and attack assessment of air, missile and space threats.

Sustains unique space C2 systems, networks and associated components through an enterprise-wide set of integrated mission capabilities, support services, and data products that provide space situational awareness, object tracking and deconfliction.

Provide direct support to the NCMC-ITW/AA program office which shall enable the Strategic Warning and Surveillance System Division (SW&SS) to effectively execute, monitor and document cybersecurity efforts on architecture upgrades and sustainment efforts to include:

Provides support to the ECQN/Z program office security system engineering team during the system requirement definition, design, and implementation and testing phases of programs; ensure operating Assist, develop, prepare, and deliver to the Government compliant program management deliverables required to plan and contract for sensor and command and control systems in the SW&SS Division portfolio.

Provide oversight on the development and sustainment of the systems security posture of the systems and the Certification and Accreditation (C&A) / Authorization packages.

Ensures the Risk Management Framework (RMF) documentation defines security procedures for system users, administrators, and maintainers; ensure information system life-cycle responsibilities are documented to include responsibility for re-accomplishing risk analysis, security testing, and certification due to modification or changes to the systems; maintain C&A info in the Systems Compliance Database, Information Assurance Repository Directory website.

Security Authorization requirements, developing and enhancing the security risk posture, and analysis and reporting of Cybersecurity metrics, demonstrated expertise in security policy and implementation.

Utilize National Institute of Standards and Technology (NIST) 800 series special publications in the development of new system artifacts to ensure compliance with new RMF requirements and to interpret requirements as necessary to ensure system compliance or provide operational justification when deemed necessary.

Documents Authorization To Operate (ATO), (through ITIPS, eMASS, RMF, etc.); review Federal Information Security Management Act (FISMA) reports and coordinate updates as required for RMF packages to ensure the Investment Technology Investment Portfolio System (ITIPS) for the program is current; support the completion of all Cybersecurity taskers (Annual Control Validations, NC3 Cyber Updates, DoD CIO Scorecard, escalation briefings, etc.

Provides technical expertise with systems engineering to ensure Information Assurance compliance and secure cyber posture with respect to availability, integrity, authentication, confidentiality, and non-repudiation. Assist with system design reviews and develop recommendations to secure and or mitigate the system architectures

Experience with DISA Security Technical Implementation Guides (STIG), Assured Compliance Assessment Solution (ACAS), and other DoD cybersecurity tools

Support the development and delivery of RFS proposals and/or Rough Orders Magnitude (ROMs) for initiatives as required

Works with the program office engineer team to review proposed new design and or software upgrades to ensure any changes to the system doesn't degraded system.

Assist in the creation of the Authority to Operate (ATO), and Authority to connect (ATC) procedures.

Adhere to and have full understanding of the Policies/Roles and Guidance within the following DOD publications;

(a) NIST SP 800-30, Guide to Conducting Risk Assessments

(b) DoDI 8500.01, Cybersecurity

(c) DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), July 19 2022

(d) AFI 17-101, Risk Management Framework (RMF) for Air Force IT

Focal point for validating systems patching plan and design of security into the technical solution. Develop or modify implementation and design documents describing how security features are implemented.

Conduct assessment of Identity Solution according to guidance from NIST as described in Special Publication 800-63

Demonstrate excellent interpersonal skills, strong written, communication, oral presentation skills, and ability to lead group discussions.

Ability to problem solve and troubleshoot various situations to develop successful outcomes within established program/project guidelines

Experience working with Static Code Analysis tools is preferred.

Experience with software development lifecycle tools (including bug tracking software) is desired.

Working knowledge of architecture and design of solutions using cloud-based technologies or experience with Microsoft Azure, AWS, GPS or other cloud technologies

Proficient with a variety of DevOps tools and techniques

Knowledge of software development and systems development lifecycle practices, preferably in an agile development environment

Experience in software security testing, methodologies, and frameworks

Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.

Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocol

Education and Experience:

Must have one of the following combinations of education and experience:

BA/BS in a related field, and eight (8) years of experience in Systems Cybersecurity

Hold a DoD 8570 Information Assurance Management Level III certification

Hold or be actively pursuing security-related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA

Position Type/Expected Hours of Work:

This is a full-time position requiring 40 hours per week and offers a flexible work schedule Monday through Friday during core business hours.

Other Position Requirements:

Proof of U.S. Citizenship or US Permanent Residency is a requirement for this position.

Must be able to complete a U.S. government background investigation.

Must be able to obtain a Secret clearance.

Must be able to travel, up to 25% including air travel.

HX5 offers a competitive salary and benefits package to include:

Medical/Dental/Vision Insurance

401(k) plan with Company Match

Paid Holidays

Paid Time Off

Parental Leave

Life Insurance

Tuition Reimbursement

Identity Protection

Medical and Dependent Care Flexible Spending Accounts

Commuter/Transit Spending Accounts

Group Legal Coverage Options

Pet Insurance

HX5, LLC is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.

HX5, LLC is a Drug Free Workplace Employer.

ACCESSIBILITY NOTICE:

If you need a reasonable accommodation for any part of the employment process due to a physical or mental disability, pleasecall (850) 362-6551.

CJ