|Location||Fort Worth, TX|
|Date Posted||January 3, 2019|
The Embedded Cybersecurity Architect is responsible for the integration of cybersecurity requirements into the Elbit Systems of America product offering such as airborne product mission computers and avionics displays. The candidate shall be experienced in developing Risk Management Framework (RMF) artifacts and understand system categorization, application of overlays and deduce NIST, DoD, CNSSI and NSTSSM regulations into product cybersecurity requirements. The candidate shall provide guidance for security controls, hardening of products, derive and manage security requirements, risk management, technical planning, threat and vulnerability assessments, systems level design, systems integration, verification and validation including security testing and evaluation, and supportability and effectiveness analyses for the total systems.
- Leads cybersecurity efforts in support of airborne and ground based products to include embedded cyber implementations, integration, security testing and mitigating issues from testing
- Analyzes software, firmware and hardware designs and architect cybersecurity requirements into the product
- Supports the formal Security Test and Evaluation process required by each government acceptance and approval authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports
- Directs development efforts to ensure cybersecurity controls are integrated to meet platform security posture and the Department of Defense (DoD) Authorizing Officials program requirements
- Leads product security reviews with the ability to communicate issues and risks in business terms and make recommendations that balance risk/reward tradeoffs
- Analyzes software and firmware designs from a cyber security perspective, and identify and makes recommendations to implement cybersecurity requirements
- Analyzes hardware designs and implementations from a cyber security perspective and makes recommendations to resolve security issues
- Recommends embedded cybersecurity defense and countermeasures for avionics product designs
- Performs static and dynamic analysis of source code to achieve Software Assurance (SwA) goals
- Conducts penetration testing on selected products
- Mentors other cybersecurity interns/employees as required
- Conducts research, evaluates and assesses emerging embedded cyber security threats and trends
- Research's, evaluates and tests new cyber security tools and capabilities
- Suggests and implements new tools and efficiency improvements for development of secure software
Experience / Skills needed:
- System Security Architect with expertise in critical security integrity and anti-tamper topics including multicore secure boot and cryptographic services for embedded real-time systems.
- Experience with the DoD Risk Management Framework (RMF) and a strong technical background in guiding policy makers and interpreting existing policy in accordance with Department of Defense (DoD) objectives.
- Strong knowledge of NIST SP 800-53 security controls and Application of National Institute of Standards and Technology (NIST) SP-800 series controls and policies, and Security Technical Implementation Guides (STIGs) to the systems design and implementations.
- Experience with system engineering lifecycle, requirements analysis and mapping, testing, and implementation.
- Experience writing Cyber Security Implementation Plan (CSIP), Cyber Security Test Plans, Cyber Security Test Reports and Plan of Actions and Milestones (POA&Ms)
- Understand the principles of cybersecurity (Confidentiality, Integrity, Availability and non-repudiation).
- Understand system security vulnerabilities and attacks vectors
- Experience with Department of Defense, Government Certification and Authorizing Officials and federal customer base
- Experience with achieving Authority To Operate (ATO), or Interim Authority To Test (IATT) on a systems delivery or deployment effort
- Software development experience in one of the following core languages: C, C++ or C# is highly desirable
- Strong verbal and written communication with the ability to distill complex problems
- Experience briefing technical and non-technical management on cyber issues, threats, vulnerabilities and risk reduction strategies
- Familiar with the use of static and/or dynamic software vulnerability tools, (HP Fortify, Klocwork, Nessus/Tenable, Retina) and other security tools
- Bachelor's Degree Required; Master's Preferred
Specific Degree Field:
- Bachelor Degree (BS or BA). Degree in technical engineering or equivalent preferred.
- Certified Information Systems Security Professional (CISSP)
- Systems Security Certified Professional (SSCP)
- Certified Ethical Hacker (CEH)