Senior System Security Engineer

Overview: Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com. Job Description Summary: The High Availability Architecture Group within the Systems Engineering directorate is seeking a Senior System Security Engineer to guide and facilitate concept development, mission-system analysis, and requirement definition & compliance for critical, yet novel & disruptive cyber resilient technologies. This handpicked candidate must possess a unified System Security, Cybersecurity, and Cryptography expertise that can expand Draper\’s insight to address national security threats which remain prevalent throughout critical enterprises, infrastructure, systems, and operations. A successful candidate will be equipped to propose modern solutions embedded with security awareness, that adhere to NIST, NSA, and DoD standards, to proactively mitigate unacceptable loss and unrecoverable downtime throughout their lifecycle. The multidisciplinary proficiencies supporting this initiative are System Security Concepts & Design Principles, Resilient Architecture, Anomaly & Contingency Management, and Cryptography & Key Management. Job Description: Daily Responsibilities Leveraging System Theoretic Process Analysis (STPA) for Attack Surface Analysis (ASA) to improve \”blue team\” designs and attack vector insights On-time delivery and maturating of System Security work packages such as: Attack Surface Traceability | Security Requirements | Security Architecture | Off-Nominal & Contingency scenarios | Anomaly Management policies Socializing and demystifying System Security, Cybersecurity, & Cryptography best practices and techniques to internal cross-disciplinary stakeholders such as: System Architecture | Avionics | Software | Hardware design teams Advocating for System Security best practices, to internal and external stakeholders & customers Quick turn application of critical thinking for problem framing, analyzing, and synthesizing complex problems qualitatively and quantitatively Documenting insights, findings, lessons learned, and maintaining a knowledge base of contributions within Draper\’s collaborative Digital Engineering tool suite General Duties Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems. Design computer security strategy and engineer comprehensive cybersecurity architecture. Identify, define and document system security requirements and recommend solutions to management. Monitor systems for irregular behavior and set up preventive measures. Plan, develop, implement and update company\’s information security strategy. Educate and train staff on information system security best practices. Able to take ownership of assignments and guide others as needed; successfully lead tasks while tracking priorities, scope, cost and schedule. Derive plans and approaches to solving complex problems across a program lifecycle, capturing all assumptions and adapting appropriately to changes in requirements with limited direction. Independently contributes high quality content for technical reports and presentations which shows an understanding of their task and an awareness of the intended audience. Demonstrates both confidence and success when presenting technical information during meetings with internal and external stakeholders. Identify program/system-level technical risks and develop and execute mitigation strategies for them. Actively mentor less experienced engineers and provide thoughtful, constructive feedback Skills/Abilities Curiosity-driven approach to solving complex, industry and customer-driven problems as part of a multi-disciplinary team. Collaborate and communicate effectively and openly with multi-disciplinary program team members. program leadership, and non-technical personnel Team player able to work in a fast-paced environment. Ability to balance multiple competing tasks and demands. Education Requires a bachelor\’s degree in Electrical Engineering, Computer Engineering, Mechanical Engineering, Systems Engineering, Applied Physics, or related field. Master\’s degree preferred. Experience Bachelor\’s degree requires 5-10 years\’ experience of working on System Security Engineer or other relevant position. Master\’s degree requires 3-5 years\’ experience of working on System Security Engineer or other relevant position. Additional Job Description: Preferred Qualifications : Proficiency applying System Theoretic Process Analysis for Security (STPA-Sec) to industry challenge problems Proficiency with Model-based System Engineering toolkits, such as Cameo/MagicDraw, DOORs/DoorsNG, Jama Connect for the purposes of attack surface modeling and rapid impact & gap analysis for validation An astute understanding of the applications of cryptography for complex weapon and space systems, cryptographic key management, Public Key Infrastructure (PKI) and the NSA\’s Key Management Infrastructure Experience documenting compliance towards parent specifications and standards (i.e.: NIST SP 800.160, NIST Cybersecurity Framework (CSF) 2.0, DoD Cyber Tabletop Guide, NIST SP 800-57, NIST 800.53 & Risk Management Framework (RMF), MITRE Attack Framework, and DoD Instruction 3150.02) Proficiency in requirement derivation, definition, and analysis for System Security, Network Security, and Data Security needs Experience integrating vulnerability remediation, risk mitigation, and incident response within the Systems Engineering process. Experience drafting innovative R&D proposals to commercial government sponsors Applicants selected for this position will be required to obtain and maintain a government securityGovernment security clearance. Connect With Draper for Future Opportunities! If you don\’t find the right posting in our Career Opportunities, you may submit your resume for future consideration. Job Location – City: Cambridge Job Location – State: Massachusetts Job Location – Postal Code: 02139-3563 Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers . Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com. #J-18808-Ljbffr