As a Cybersecurity Engineer III (SSE) at SNC, you will be at the forefront of safeguarding our systems throughout the acquisition lifecycle. You will play a critical role in ensuring the highest standards of cybersecurity and Information Assurance (IA) solutions for SNC and our valued customers. Your expertise will be pivotal in maintaining the confidentiality, integrity, and availability of our systems. By collaborating closely with system owners, administrators, engineers, and program managers, you will ensure that cybersecurity controls are effectively implemented and maintained throughout the system lifecycle. Join our dynamic and fast-paced environment, where your contributions will make a significant impact!
The Mission Solutions and Technologies (MST) business area provides affordable, turn-key command/control, communications, integrated ISR, force protection and security solutions worldwide. The MST team has a long legacy of supporting the Department of Defense, Department of Homeland Security, commercial and international customers with years of experience in platform operations, engineering and full lifecycle management across domains – air, land, sea, space and cyber. https://www.sncorp.com/company/business-areas/
Responsibilities:
- Perform Cybersecurity Engineering and IIA job functions: establish and validate system boundaries; ensure comprehensive documentation of information systems, functionalities, data governance, and adherence to compliance standards and processes; collaborate with cross-functional teams to validate security requirements
- Develop and manage security documentation in support of NIST 800-171 compliance activities, including System Security Plans (SSPs), Plans of Action & Milestones (POA&M), software and hardware inventory, network diagrams, INFOSEC policies, and configuration management processes, ensuring audit readiness.
- Provide input to CMMC documentation: Systems Security Plan (SSP), Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedure, Risk Assessment Report, and Configuration Management
- Integrate security requirements: ensure cybersecurity requirements are effectively incorporated into information systems throughout the Systems Development Life Cycle (SDLC) using methodologies such as Agile and DevSecOps; implement secure design, architecture, and coding practices, with continuous feedback loops for ongoing security enhancements.
- Conduct security risk assessments: perform detailed risk assessments, including threat modeling and penetration testing, to identify vulnerabilities and tailor security controls to protect systems and information; stay updated with emerging threats and vulnerabilities to continuously enhance risk assessment practices.
- Lead configuration management: oversee the configuration management process, providing expert guidance during system development and acquisition to ensure security compliance; utilize tools such as ServiceNow and CMDB for effective configuration management and conduct regular audits and compliance checks.
- Coordinate compliance activities: conduct periodic and ad-hoc validation and security control assessments, ensuring ongoing compliance with NIST 800-171, corporate policies, program contracts, and all specific identified requirements.
- Enhance technical cybersecurity/IA skills: maintain and continuously develop your technical skillset in cybersecurity and information assurance, focusing on areas such as IT enterprise environments, cloud security, incident response, and system architecture reviews.
- Periodic travel to SNC, customer, and partner facilities to support program and business-wide activities.
- Follow SNC policies, processes, and procedures for all technical activities.
- Punctuality to work each day and prepared to work scheduled work hours.
- Other duties as assigned.
Must-haves:
- Bachelor's degree in Systems Security, Network Engineering, Information Technology, or related Engineering discipline and typically 6 years of relevant experience
- Relevant experience may be considered in lieu of required education
- DoDD 8140 IAT Level II *Required within 6 months of hire.
- Strong communication skills; ability to translate complex cybersecurity information into quantifiable business risk and communicate risk effectively to business and executive leaership.
- Cisco, Microsoft, Linux, Azure/Cloud or other technical certifications a plus
- Knowledge of technical standards relating to systems security; UNIX, Linux, and Windows administration, experience with large-scale servers and large-scale enterprise IT environments, virtualization and containerization, cloud computing (Azure preferred), secure network architecture, cybersecurity stack experience (web filtering, SSL inspection, DLP, antivirus, firewalls, PCAP, SIEM, etc.)
- Solid understanding of at least one security framework (preferably NIST 800-171), NIST 800-53 second preferred
- Ability to balance cybersecurity requirements with SNC’s mission, goals, and culture
- Strong critical thinking and problem solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and flexibility through learning and adaptation.
- Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions
- High degree of attention to detail
Preferred:
- CISSP, Security+, CISA, CASP+, or other relevant security certification
- MCSE, Linux, and/or CCNP security certification
- Azure cloud certifications, or other relevant cloud certification
- Other relevant IT and/or technology certification
Estimated Starting Salary 98,633.53 - 135,621.11 USD Annually
#Ll-hybrid
SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more.
IMPORTANT NOTICE:
This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.
SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We’re known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation’s most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team!
As an Equal Opportunity Employer, we welcome our employees to bring their whole selves to their work. SNC is committed to fostering an inclusive, accepting, and diverse environment free of discrimination. Employment decisions are made without regarding to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or other characteristics protected by law. Contributions to SNC come in many shapes and styles, and we believe diversity in our workforce fosters new and greater ways to dream, innovate, and inspire.