Cybersecurity Engineer

Cybersecurity Engineer

Work Location: Huntsville, AL

Schedule: Full Time; 40 hours per week remote work not authorized

Relocation: Negotiable

IronMountain Solutions is seeking a Cybersecurity Engineer to provide aviation weapon-system cybersecurity support for the MV-75 Program. This position supports the U.S. Government MV-75 Program Office by advising on the cybersecurity risk posture, RMF strategy, platform security requirements, tactical Authorization to Operate (ATO) readiness, and cybersecurity compliance of the MV-75 weapon system. Candidates should be highly motivated, a self-starter, and able to work effectively across Government, OEM, system engineering, cyber, test, airworthiness, software, and acquisition stakeholders. Candidates must  have an active Secret clearance or have the ability to obtain and maintain an active Secret level security clearance.  Per Federal regulations; only citizens of the United States are able to obtain a Clearance. 

Job Duties:

• Support the MV-75 Program Office as a tactical aviation weapon-system cybersecurity engineer focused on platform risk, RMF execution, and embedded system security solutions
• Review, assess, and advise on OEM on cybersecurity artifacts, including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, continuous monitoring strategies, hardware/software inventories, architecture diagrams, interface descriptions, and control implementation evidence.
• Translate RMF controls into aviation platform-relevant requirements, verification approaches, and risk statements that apply to embedded avionics, mission systems, tactical databus architectures, software loads, maintenance systems, and support equipment
• Support cybersecurity requirements decomposition, allocation, traceability, and verification across MV-75 system, subsystem, software, hardware, mission equipment, and external interface boundaries.
• Advise the Government on cybersecurity risk posture, residual risk, mitigation sufficiency, operational impacts, and ATO decision readiness for the MV-75 platform.
• Review cybersecurity implementation evidence against applicable DoD, Army, and program requirements, including RMF, NIST SP 800-53/800-53A, DoDI 8510.01, Army cybersecurity policy, and program-specific authorization guidance.
• Coordinate with Government cybersecurity, systems engineering, test, airworthiness, logistics, software, and acquisition stakeholders to ensure cybersecurity considerations are integrated into platform engineering and program decision processes.
• Assess cybersecurity impacts of proposed engineering changes, software updates, configuration changes, interface changes, obsolescence actions, and system-of-systems integrations.
• Review vulnerability assessment results, scan outputs, penetration test findings, software assurance results, supply chain risk inputs, and cyber test evidence to determine platform-level risk and required Government action.
• Support cybersecurity input to test planning, verification events, lab events, flight test readiness, operational test planning, and Government reviews.
• Evaluate cybersecurity risks associated with embedded real-time operating systems, avionics networks, mission systems, tactical data links, aircraft maintenance interfaces, ground support equipment, and external system interfaces.
• Support development of risk-based recommendations for control tailoring, inherited/common controls, compensating controls, mission-based risk acceptance, continuous monitoring, and POA&M closure.
• Assist the Government in preparing decision-quality cybersecurity briefings, risk summaries, authorization status updates, and technical recommendations for program leadership and authorizing officials.
• Maintain awareness of platform cybersecurity issues across acquisition, development, test, fielding, sustainment, and modernization activities.
• While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use tools or controls; normal physical activity (reach with hands and arms; climb stairs): and communicate effectively with all levels of employees and leadership. The employee must occasionally lift or move office products and supplies up to 25 pounds.

Qualifications:

• BS degree in Cybersecurity, Computer Engineering, Electrical Engineering, Systems Engineering, Computer Science, Aerospace Engineering, or a related technical field.
• 10+ years of relevant cybersecurity, systems security engineering, RMF, and tactical/embedded security. Aviation system acquisition experience desired. 
• Experience supporting DoD weapon systems, aviation platforms, tactical systems, embedded systems, mission systems, or platform cybersecurity authorization activities.
• Knowledge of RMF processes, ATO packages, security control implementation evidence, POA&Ms, continuous monitoring, and cybersecurity risk acceptance
• Ability to interpret cybersecurity controls and translate them into platform-relevant requirements, verification criteria, technical risks, and operational impacts.
• Familiarity with aviation or tactical system architectures, including avionics, mission systems, databus interfaces, support equipment, software loads, embedded controllers, tactical networks, or platform integration environments.
• Familiarity with embedded real-time operating systems is preferred.
• Familiarity with aviation and tactical interface standards such as MIL-STD-1553, ARINC-429, ARINC-664, ARINC-653, Ethernet, CAN bus, tactical radios, and tactical data links
• Experience reviewing or developing cybersecurity documentation such as SSPs, SAPs, SARs, SCTMs, POA&Ms, CONMON strategies, architecture diagrams, accreditation boundaries, PPSM/ports-protocols-services data, and system security requirements.
• Strong written and verbal communication skills with the ability to explain technical cybersecurity risk to engineering acquisition, test, and leadership audiences.
• Ability to develop strong working relationships with MV-75 personnel, Government stakeholders, OEM representatives, and supporting contractors.
• Ability to manage complex technical issues, coordinate across multiple organizations, and provide clear recommendations to Government leadership.

Security Clearance

Candidates have an active Secret clearance or have the ability to obtain and maintain an active Secret level security clearance.

IronMountain Solutions is an Equal Opportunity Employer