Senior System Security Engineer (SSE)

Sabre Systems is currently hiring a Senior System Security Engineer (SSE) to support Unmanned Carrier Aviation Program Office (PMA-268) located at Patuxent River Naval Air Station. The selected candidate is to accomplish the following key duties/responsibilities in execution of PMA-268 Cybersecurity Team support: Provide support to PMA-268 Cyber Leads in execution of the PMA-268 Cybersecurity Program: Provide support in drafting and reviewing Program Documentation, Policies and Plans. Coordinate with PMA-268 Cyber Leads when changes occur that might affect system’s security posture, cybersecurity authorization(s) and/or certifications. Lead product specific System Security Engineering activities for all systems within scope of IPT: Provide oversight of all IPT cybersecurity activities. Review system documentation to obtain and sustain Subject Matter Expert (SME) level knowledge of the system architecture, functionality and capabilities. Work closely with the IPT Class Desk and IPT Leadership to ensure early engagement when cybersecurity items may impact the program cost, schedule, or performance. Develop and maintain a cyber schedule to include a detailed Work Breakdown Schedule (WBS) for significant efforts. Provide input for SOWs, DIDs, and CDRLs for IPT contract activities. Identify, define and document system security requirements for incorporation of product specifications. Conduct derivation and traceability of cyber requirements. Track execution and performance of security measures to protect information and network infrastructure and computer systems. Conduct critical function analysis. Identify Mission Essential Functions (MEF). Lead Critical Program Information (CPI) assessments. Understand vulnerabilities and attack vectors that have the ability to impact the cyber posture of the systems/environment. Identify and recommend security solutions to PMA-268 Cyber Leads. Perform SSE duties in support of Cyber Survivability Risk Assessments (CSRA) and CYBERSAFE to include leading execution of collaborative development of artifacts and data (Objective Quality Evidence, Mission Critical Function/Component Traceability). Lead DFIA implementation efforts through definition of enclaves and enclave boundary protection requirements. Lead system security certification and registration activities (e.g. CSfC, CDS, Cryptographic Modules). Lead IPT cybersecurity activities: Initiate, communicate and coordinate with stakeholders and SMEs to address actions and RFIs required for IPT cybersecurity activities in a timely manner (no actions/RFIs to be stagnant for longer than 2 weeks). Lead IPT SSE Working Group (SSEWG) to: Coordinate with Contractors/Organizations supporting IPT cybersecurity efforts. Maintain awareness of authorization of Systems/Subsystems. Review all IPT cybersecurity CDRLs. Actively participate as a stakeholder in change management processes to ensure cybersecurity posture is not impacted due to a change. Coordinate Risk Management (Opportunities, Issues, Risks) activities with Risk Managers (Cyber, PMA, Product) to document, socialize and work mitigation steps. Assist IPT ISSO with the following activities identified in the PMA-268 Cyber RMF Roles and Responsibilities chart: Defining Information Types: work with engineering to ensure the proper information types for the system(s) are identified. Approval of CIA: identify the initial CIA impact levels for the identified information types and socialize with the Class Desk for concurrence. Review POA&M: ensure awareness of all open findings and identify areas of concern that need to be socialized with the Class Desk when cost, schedule, or performance impacts are identified. Assist the ISSO with mitigation identification for open findings. Review hardware/software lists: investigate potential issues (e.g. Open Source, foreign software). In addition, the following are administrative team execution expectations for all PMA-268 Cybersecurity team personnel. Login to Microsoft Teams at the beginning of each day and have a headset to participate in Teams meetings. At a minimum, in person workdays in PMA-268 Program Office every Tuesday, Wednesday and Thursday unless pre-coordinated with PMA-268 Cyber Leads. Core office hours 0830-1430. Additional days in the office are required if there is work that requires in person/office presence to complete outside of the designated office days. Provide updates to the following: Cyber Status Slide (weekly) Microsoft Planner Task Status (weekly) Task Tracker (weekly) Cyber Schedule (biweekly) No actions to be stagnant for longer than 2 weeks. Provide meeting summary notes for meetings attended to the PMA-268 cyber team for awareness.