Engineer Senior - Information Systems Security at Ball Aerospace (Greater Boulder Area)
Powered by endlessly curious people with an unwavering mission focus, Ball Aerospace pioneers discoveries that enable our customers to perform beyond expectation and protect what matters most.
We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely. For more information, visit Ball Aerospace Career Site or connect with us on LinkedIn , Facebook , Twitter or Instagram .
The Security and Mission Assurance Strategic Capability Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge.
Engineer Senior - Information Systems Security
Perform the engineering of information security functions, address the security aspects associated with the engineering of non-security functions, and protect the integrity of intellectual property and otherwise sensitive data, information, technologies, and methods utilized as part of the end-to-end mission assurance effort.
What You'll Do:
- Serve as an information systems security engineer for a national program, consulting the development, integration, and configuration of information systems.
- Apply extensive technical expertise in support of the development of System Security documentation, and implement the program security plans, policies, and procedures necessary to ensure compliance with all company and government requirements.
- Coordinate security-related activities with the government security stakeholders, Information System Owner (ISO), Information Systems Security Officer (ISSO), Information System Security Manager (ISSM), and Common Control Provider (CCP).
- Lead Risk Management Framework (RMF) Assessments and Authorization (A&A) efforts, to include POA&M mitigation, the Continuous Monitoring program, and interfacing with government counterparts.
- Develop and update information security policy documentation for the contract, ensuring that it aligns with best practices and remains consistent with the current operating environment.
- Applying best practices and processes to capture, refine, and assist in the prioritization of requirements based on risk, engineering principles, and mission requirements.
- Work alongside as a developer/engineer to provide enhanced security architectures, development tools, and information systems to facilitate secure missions.
- Develop, configure, maintain, and monitor system security architectures, identifies vulnerabilities, and provides suggested mitigation alternatives.
- Participates in design, development, and implementation of information systems to ensure these systems follow required security features and safeguards.
- Evaluates vulnerability and compliance scan results and works with system developers and system administrators to eliminate or mitigate findings.
- Generates Assessment & Authorization (A&A) documentation and artifacts (i.e., System Security Plans, Network Interface Planning Documents, etc.) for import / upload to the Xacta tool.
- Proposes categorization of information systems based on types of information processed, in conjunction with DAO Representatives and ISOs.
- Coordinates with appropriate Security Control Assessors (SCAs) early in engineering design phase for ongoing coordination, understanding of development and application of security controls, and security tradeoffs and other decisions.
- Maintain a comprehensive and holistic system view while addressing stakeholder security risks and concerns regarding information integrity and assurance implementation through the application of Systems Engineering skills.
- Ensure that relevant threat and vulnerability data is considered in support of information security decisions.
- Provide input to requirements, engineering, and risk trade space analyses to achieve a cost-effective security architectural design for protections that enable mission success.
- Promote development of a strong team by participation in key aspects of the project and mentoring more junior team members.
- Develop detailed development schedules and manage team activities to meet delivery milestones.
- Maintain a regular and predictable work schedule.
- Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Capability Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
- Perform other duties as necessary.
What You'll Need:
- BS degree or higher in Engineering or a related technical field is required plus 8 or more years related experience.
- Each higher-level degree, i.e., Master's Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
- A current, active TS/SCI security clearance is required.
- Demonstrate excellent interpersonal skills, strong written, communication, oral presentations skills, and ability to lead group discussions.
- Demonstrated competency in engineering related functional or cross-functional security areas (e.g., security engineering, IT operations security design, cybersecurity).
- Working knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
- Working knowledge of ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures.
- Working knowledge of DoD/IC system security control requirements, roles, missions, and operational enterprise architecture.
- Working knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Working knowledge of network access, identity, and access management (e.g., PKI)
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
- Ability to write CTPs based on DISA STIGs, Executing CTPs for witness testing.
- Ability to work with engineers and system administrators to correct scan findings / system vulnerabilities.
- Working knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization guidelines) relating to system design.
- Ability to translate security requirements into functional requirements and options for developers.
- Security control inheritance from enterprise security services and communicating these to developers.
- Experience using NESSUS / Security Center.
- DevSecOps experience.
- Amazon Web Services experience.
- Experience working in the Government Cloud (GovCloud) environment.
- Willingness to complete CISSP, CASP CE, CSSLP, or DoDD 8140 (DoDD 8570) IA SAE level I, level II, or level III certification.
- SANS - SEC 504, SEC 545 or, SEC 501 preferred.
- AWS Certification (Developer, DevOps, or Architect) or equivalent certification preferred.
- ISC2 CCSP or CSA CCSK preferred.
- Ball Aerospace is a drug-free workplace, which is imperative to the health and safety of all employees and is required as a condition of receiving contracts from federal agencies. Please remember that regardless of the legalization of marijuana in Colorado and other states, possession and use continues to be illegal under the federal Controlled Substances Act. This includes the use of some CBD products. A post-offer, pre-employment drug test is a condition of employment.
- Work is performed in an office, laboratory, production floor, or clean room, outdoors or remote research environment.
- May occasionally work in production work centers where use of protective equipment and gear is required.
- May access other facilities in various weather conditions.
- Travel and local commute between Ball campuses and other possible non-Ball locations may be required.
Verification that your current security clearance or government customer access meets the requirement for this position will be required.
Relocation for this position is available.
Compensation & Benefits:
- HIRING SALARY RANGE: $129,500 - $163,500 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.)
- This position includes a competitive benefits package. For details, copy and paste https://bit.ly/3pNSnxv into your browser or visit our careers site.
US CITIZENSHIP IS REQUIRED
Ball Aerospace is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.