NOTE: This position can be based out of Arlington, VA or Blacksburg, VA. Please apply for the location you prefer.
The Lead Cyber Security Systems Engineer, located in Arlington, VA or Blacksburg, VA, is a key member of the growing Engineering, Test, & Evaluation division (ETED) and is a critical company-wide cyber security professional engaged in a wide range of cross-division activities. The role will apply cyber security engineering expertise in researching, designing, developing, testing, integrating, and optimizing innovative capabilities across a wide range of wireless communications technologies and applications for a growing set of customers and internal projects.
- Be the organization’s sought-after technical leader in cyber security within application development activities, prototype development, lab testing, and network builds
- Advance projects by applying deep cyber security principles in software engineering and wireless communications systems development involving WiFi, 4G LTE, and 5G protocols
- Conduct technical assessments of threats/vulnerabilities within cutting-edge new wireless network systems (RAN, Core, edge, transport) developed internally and/or by customers.
- Support the development of a new, innovative cyber security testbed capable of providing vulnerability testing and validation and red/blue team testing.
- Apply your Cyber Security Engineering expertise to optimize a defense-in-depth posture associated with prototype capabilities and testbeds by providing recommendations on security controls and methods of detection, prevention/mitigation, and defense.
- Take the lead in executing cyber security related tasks and meetings required to obtain Interim Authorization to Test (IATT) and Authorization to Operate (ATO) for DoD clients
- Review artifacts for compliance and gaps; map those artifacts to the appropriate NIST 800-53 controls; and establish compliance schedule in coordination with engineering teams
- Continue to keep your skills up-to-date on the latest cybersecurity trends, tools, threats, methodologies, and best practices
- Conduct cybersecurity test and evaluation of innovative hardware and/or software designs to verify and validate compliance with defined specifications and requirements.
- Utilize programming/scripting skills to automate data manipulation and perform data analytics.
- Design and test custom software for preventing malicious tampering of network infrastructure and files.
- Maintain and support enterprise Cyber Security Engineering requirements.
- Recommend design changes which prevent repeated vulnerability assessment findings.
- Support project managers in identifying and executing security tasks for project plans
- Develop technical presentations, reports and test plans
- Provide technical expertise in proposal development to capture new work.
- Additional future cyber security-related duties associated with a growing project and customer base.
- 10+ years of related experience in the cyber security domain as a Security Engineer or equivalent
- Demonstrated knowledge in planning and executing systems engineering activities with a focus on cyber security within the software and wireless communications domains.
- Knowledge of networking protocols and architectures (OSI-model, TCP/IP, VPNs, network routing, etc).
- Knowledge of DoD cybersecurity requirements, policies, and procedures to include assessment and authorization activities.
- Understanding of regulatory requirements such as NIST 800-53 and the DoD Risk Management Framework (RMF).
- Prior experience supporting system Authority to Operate (ATO)/IATT processes, and creating artifacts, control implementation details, and POAMs.
- Knowledge information assurance/ information security (IA/IS) architecture, network design processes, and network security architecture, including defense-in-depth principles.
- Developing, extending, or modifying exploits, shellcode or exploit tools.
- 2+ years experience in shell scripting or automation of simple tasks using Perl, Python.
- <Experience with software development tools and frameworks, including source control management tools (e.g., Git) and modern software development methodologies (e.g., Agile)
- Knowledge of fundamental computer forensics, advanced cyber threats and adversary methodologies, vulnerability and compliance assessments and mitigation
- Proven ability to establish objectives, formulate plans and processes, and implement solutions.
- Ability to work independently as needed and as part of a multidisciplinary team.
- Excellent customer service skills and positive relationships building with clients and partners.
- Proficient with Microsoft Word, Excel, and PowerPoint, Visio and Project.
- Possess superior analytical, writing, and interpersonal skills.
- Bachelor of Science (B.S) in Computer Science, Systems Engineering, Electronics Engineering or related technical discipline (required).
- Active Secret security clearance (minimum required).
- Knowledge of network security architecture including encryption and virtual private networks, device authentication, and cellular networking standards (e.g., 3GPP)
- Experience with cryptography and security concepts, including key-agreement protocols, authentication, encryption, and related concepts.
- Knowledge of Zero Trust architecture and ZT principles
- Experience with embedded systems and the implementation of wireless protocol stacks
- Experience with embedded security topics such as firmware/software reverse engineering and vulnerability discovery
- Knowledge of cyber policy & issues, the global cyber community, roles of major organizations how they interrelate and interact, and challenges in these structures.
- Knowledge of MBSE DoDAF architecture requirements and experience developing packages for integration of systems into existing DoD systems/architectures
- DoD 8570 Level II certification (SANS certifications, CISSP, OSCP, CEH or equivalent).
- Master of Science in Computer Science, Systems Engineering, or related engineering discipline
- Active TS/SCI Clearance desired (not required)
Virginia Tech Applied Research Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Virginia Tech Applied Research Corporation uses E-Verify to confirm the employment eligibility of all newly hired employee. To learn more about E-Verify, including your rights and responsibilities, please visit www.E-Verify.go