Sr Cybersecurity Engineer

Company: Sierra Nevada Corporation
Location: Sparks
Posted on: October 13, 2021

Job Description:

If you like solving complex IT problems using your deep analytical skills, this is the opportunity for you! As a Sr Cybersecurity Engineer, you will be using your skills and expertise to design, test, and implement our secure operating systems, networks, security monitoring, and tuning. You'll be responsible for the management of our IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions, conducting risk and vulnerability assessments, and developing and implementing security controls. You'll research, evaluate, and recommend new security tools, techniques, and technologies in alignment with our IT security strategy and introduce them to the enterprise.

As SNC's corporate team, we provide the company and its business areas with strategic direction and business support spanning executive management, finance and accounting, operations, human resources, legal, IT, information security, facilities, marketing, and communications. Learn more about SNC's Corporate team

PRIMARY RESPONSIBILITIES:      

• Apply the methods, standards, and approaches for researching, designing, and implementing secure enterprise information technology architecture

• Act as the organization SME on public cloud, network security and related technologies for the cybersecurity team

• Establish credibility and trusted advisor status with internal customers by developing and maintaining relationships with a variety of cybersecurity, architecture and business stakeholders, IT functional groups, operations, and project managers

• Apply secure system designs, tools, methods, and techniques to design enterprise solutions that optimize enterprise performance while ensuring cybersecurity and privacy principles adhere to organizational requirements

• Responsible for understanding complex business IT needs and managing research, design, solution development, governance, and security oversight of on-premises and cloud computing solutions

• Experience with leading public cloud providers and technologies (Google Cloud Platform, AWS, Azure) and traditional data center technologies as well as modern day application architectures is required

• Integrates with Enterprise Vulnerability Management activities to ensure continuous security monitoring is incorporated into enterprise systems

• Define, prioritize, and safeguard essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event through business continuity and disaster recovery planning

• Optimize enterprise architecture and cloud computing build-outs for cost and performance (VM optimization, reserved instances)

• Identify and oversee improvements to enterprise systems and cloud security configurations

• Recommend, develop, plan, manage, implement, and fully document IT projects

• Identify improvements to IT documentation, network maps, processes/procedures, and tickets

• Knowledge of Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171 requirements

• Provide a Cyber Security and Information Security (INFOSEC) partnership with the business to ensure proper implementation of protections toward current and future projects

• Collaborate with security and IT staff to define, improve, implement and maintain information security policies, strategies, and procedures. As directed, draft written guides and process reference materials to assist IT team members meet policy and procedural requirements

• Analyze and correlate network artifacts, machine, and event data to develop preliminary outage and/or incident root cause and corresponding remediation strategy by using various data analytics techniques

• Create and Maintain Security Compliance documentation related to DFARS/NIST 800-171 standards: Security Plan, Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedures, Risk Assessment Report, Security Assessment Plan and Report; Contingency Plan, Incident Response Plan, and Configuration Management

• Lead Enterprise Architecture Engineering and Cybersecurity/IA efforts by establishing or validating the system boundaries in describing Information Systems, their functions, and information types with specific security requirements

• Capture and refine cybersecurity requirements and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC)

• Employ best practices when implementing security requirements within systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques

• Conduct security control assessments; review the adequacy of the security controls and their ability to protect the system and its information; tailor the security controls to ensure compliance

• Read, interpret, and implement Cybersecurity/IA regulations and requirements; develop and maintain managerial, operational, and technical Cybersecurity/IA skillset

Must Haves:

• Requires a BS in related field (Information Technology, Computer Science, Cybersecurity, Business Analytics). Relevant work experience as a Network Analyst/Administrator/Engineer, Systems Analyst/Administrator/Engineer, IT Analyst/Administrator, Software Engineer etc. may be substituted for required education.

• 6+ years related experience required

• Cloud Computing Certifications (desired)

  • MCSD (Azure Solutions Architect) or MCSE (Cloud Platform and Infrastructure)

  • Microsoft MCSA in Windows Server 2012R2 or 2016

  • Microsoft MCSA in Office 365 and SharePoint Online

  • Microsoft Azure Administrator Associate

  • Amazon Web Services (AWS) Solutions Architect

  • Amazon Web Services (AWS) Certified Security - Specialty

  • Google Cloud Professional Cloud Architect

• DoD 8570/8140 compliant: Security+, CASP, GCIH, CISSP and/or other equivalent certification (desired) Cisco, Microsoft, Linux, or other technical certifications a plus.

• Experience with the following tools: Cloud computing technologies (AWS, Azure), Network Security, Enterprise Vulnerability Management Platforms (Nessus, Nexpose, OpenVAS), Endpoint Security suites (McAfee ESM, Cylance, CrowdStrike Falcon Endpoint), Data Loss Prevention Software, and/or Security-focused data analytics platforms  (desired).

• Knowledge of technical standards relating to systems security; experience administering UNIX, Linux, and Windows operating systems, network devices, experience with large-scale server systems, cloud architecture, system virtualization and other related peripherals.

• Scripting experience (Bash, PowerShell, Python, JavaScript, Ruby, Go, or similar).

• Complete/thorough understanding of US Government Cybersecurity policies (desired).

• Ability to balance cybersecurity requirements with SNC’s mission, goals, and culture.

• Strong communication skills, strong critical thinking and problem solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and deal effectively with changing project priorities.

• Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions.

• High degree of attention to detail.

• The ability to obtain and maintain a Secret U.S. Security Clearance is required. Learn more about the background check process for Security Clearances

IMPORTANT NOTICE:

This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance.  The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.

At Sierra Nevada Corporation (SNC) we deliver customer-focused technology and best-of-breed integrations in the aerospace and defense sectors. SNC has been honored as one of the most innovative U.S. companies in space, a Tier One Superior Supplier for the U.S. Air Force, and as one of America’s fastest-growing companies. Learn more about SNC

SNC offers annual incentive pay based upon performance that is commensurate with the level of the position.

SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 8%, life insurance, 3 weeks paid time off, tuition reimbursement, and more.

At Sierra Nevada Corporation (SNC), our mission is to dream, innovate, inspire and empower the next generation to transform humanity through technology and imagination. As an Equal Opportunity Employer, we welcome our employees to bring their whole selves to their work. SNC is committed to fostering an inclusive, accepting, and diverse environment free of discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Contributions to SNC come in many shapes and styles, and we believe diversity in our workforce fosters new and greater ways to dream, innovate, and inspire.

Keywords: Sierra Nevada Corporation, Sparks , Sr Cybersecurity Engineer, Other , Sparks, Nevada