Cybersecurity Engineer at IronMountain Solutions

<p>Cybersecurity Engineer</p> <p>Work Location: Huntsville, AL</p> <p>Schedule: Full Time; 40 hours per week remote work not authorized</p> <p>Relocation: Negotiable</p> <p>IronMountain Solutions is seeking a <strong>Cybersecurity Engineer to provide aviation weapon-system cybersecurity support</strong> for the MV-75 Program. This position supports the U.S. Government MV-75 Program Office by advising on the cybersecurity risk posture, RMF strategy, platform security requirements, tactical Authorization to Operate (ATO) readiness, and cybersecurity compliance of the MV-75 weapon system. Candidates should be highly motivated, a self-starter, and able to work effectively across Government, OEM, system engineering, cyber, test, airworthiness, software, and acquisition stakeholders. <strong>Candidates must&nbsp; have an active Secret clearance or have the ability to obtain and maintain an active Secret level security clearance.&nbsp; Per Federal regulations; only citizens of the United States are able to obtain a Clearance.</strong>&nbsp;</p> <p><strong>Job Duties:</strong></p> <ul> <li>Support the MV-75 Program Office as a tactical aviation weapon-system cybersecurity engineer focused on platform risk, RMF execution, and embedded system security solutions</li> <li>Review, assess, and advise on OEM on cybersecurity artifacts, including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&amp;Ms, continuous monitoring strategies, hardware/software inventories, architecture diagrams, interface descriptions, and control implementation evidence.</li> <li>Translate RMF controls into aviation platform-relevant requirements, verification approaches, and risk statements that apply to embedded avionics, mission systems, tactical databus architectures, software loads, maintenance systems, and support equipment</li> <li>Support cybersecurity requirements decomposition, allocation, traceability, and verification across MV-75 system, subsystem, software, hardware, mission equipment, and external interface boundaries.</li> <li>Advise the Government on cybersecurity risk posture, residual risk, mitigation sufficiency, operational impacts, and ATO decision readiness for the MV-75 platform.</li> <li>Review cybersecurity implementation evidence against applicable DoD, Army, and program requirements, including RMF, NIST SP 800-53/800-53A, DoDI 8510.01, Army cybersecurity policy, and program-specific authorization guidance.</li> <li>Coordinate with Government cybersecurity, systems engineering, test, airworthiness, logistics, software, and acquisition stakeholders to ensure cybersecurity considerations are integrated into platform engineering and program decision processes.</li> <li>Assess cybersecurity impacts of proposed engineering changes, software updates, configuration changes, interface changes, obsolescence actions, and system-of-systems integrations.</li> <li>Review vulnerability assessment results, scan outputs, penetration test findings, software assurance results, supply chain risk inputs, and cyber test evidence to determine platform-level risk and required Government action.</li> <li>Support cybersecurity input to test planning, verification events, lab events, flight test readiness, operational test planning, and Government reviews.</li> <li>Evaluate cybersecurity risks associated with embedded real-time operating systems, avionics networks, mission systems, tactical data links, aircraft maintenance interfaces, ground support equipment, and external system interfaces.</li> <li>Support development of risk-based recommendations for control tailoring, inherited/common controls, compensating controls, mission-based risk acceptance, continuous monitoring, and POA&amp;M closure.</li> <li>Assist the Government in preparing decision-quality cybersecurity briefings, risk summaries, authorization status updates, and technical recommendations for program leadership and authorizing officials.</li> <li>Maintain awareness of platform cybersecurity issues across acquisition, development, test, fielding, sustainment, and modernization activities.</li> <li>While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use tools or controls; normal physical activity (reach with hands and arms; climb stairs): and communicate effectively with all levels of employees and leadership. The employee must occasionally lift or move office products and supplies up to 25 pounds.</li> </ul> <p><strong>Qualifications:</strong></p> <ul> <li>BS degree in Cybersecurity, Computer Engineering, Electrical Engineering, Systems Engineering, Computer Science, Aerospace Engineering, or a related technical field.</li> <li>10+ years of relevant cybersecurity, systems security engineering, RMF, and tactical/embedded security. Aviation system acquisition experience desired.&nbsp;</li> <li>Experience supporting DoD weapon systems, aviation platforms, tactical systems, embedded systems, mission systems, or platform cybersecurity authorization activities.</li> <li>Knowledge of RMF processes, ATO packages, security control implementation evidence, POA&amp;Ms, continuous monitoring, and cybersecurity risk acceptance</li> <li>Ability to interpret cybersecurity controls and translate them into platform-relevant requirements, verification criteria, technical risks, and operational impacts.</li> <li>Familiarity with aviation or tactical system architectures, including avionics, mission systems, databus interfaces, support equipment, software loads, embedded controllers, tactical networks, or platform integration environments.</li> <li>Familiarity with embedded real-time operating systems is preferred.</li> <li>Familiarity with aviation and tactical interface standards such as MIL-STD-1553, ARINC-429, ARINC-664, ARINC-653, Ethernet, CAN bus, tactical radios, and tactical data links</li> <li>Experience reviewing or developing cybersecurity documentation such as SSPs, SAPs, SARs, SCTMs, POA&amp;Ms, CONMON strategies, architecture diagrams, accreditation boundaries, PPSM/ports-protocols-services data, and system security requirements.</li> <li>Strong written and verbal communication skills with the ability to explain technical cybersecurity risk to engineering acquisition, test, and leadership audiences.</li> <li>Ability to develop strong working relationships with MV-75 personnel, Government stakeholders, OEM representatives, and supporting contractors.</li> <li>Ability to manage complex technical issues, coordinate across multiple organizations, and provide clear recommendations to Government leadership.</li> </ul> <p><strong>Security Clearance </strong></p> <p>Candidates have an active Secret clearance or have the ability to obtain and maintain an active Secret level security clearance.</p> <p>IronMountain Solutions is an Equal Opportunity Employer</p>