Hermeus is a startup developing hypersonic aircraft to radically accelerate air travel. At Mach 5, more than twice the speed of the supersonic Concorde, passengers will be able to cross the Atlantic in 90 minutes. On the path to hypersonic passenger aircraft, Hermeus is partnering with government agencies including the US Air Force and NASA to develop a series of autonomous aircraft that derisk the technology and solve urgent national security challenges. These products provide the data and confidence necessary to certify, produce, operate, and maintain safe and comfortable commercial aircraft. Hypersonic aircraft have the potential to create trillions of dollars of new global economic growth per year, unlocking significant resources that can be utilized to solve the world's greatest problems. Hermeus seeking an Information Systems Security Engineer (ISSE). The role of the ISSE is to bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in–depth understanding of the cybersecurity policies and procedures for government sector information systems and sufficient technical knowledge and experience to implement them. Reporting to the Vice President of Security, the ISSE will work closely and effectively with the ISSM and Sponsor IT managers on all aspects of their development and implementation programs as they progress through their Agile management processes. They will provide hands on security and compliance and work with Sponsor requirements that are primarily is developing new systems and environments both on premises and cloud computing. Responsibilities:
– Engineer cyber security solutions in support of multiple government sponsors.
– Perform and review technical security assessments of computing environments to identify points of vulnerability, non–compliance with established cybersecurity standards and regulations, and recommend mitigation strategies.
– Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
– Design and develop security designs for new or existing operational environments.
– Ensure that system designs support the incorporation cyber security vulnerability solutions.
– Provide expertise to course of action development.
– Identify, assess, and recommend cyber security products for use within an operational environment.
– Provide subject matter expertise to the development of a common operational picture.
– Develop and implement security vulnerability assessments and penetration tests.
– Ensure that cybersecurity–enabled products or other compensating security control technologies reduce identified risk to acceptable security levels.
– Maintain operational security posture for an information system or program.
– Apply a full range of Cybersecurity policies, principles and techniques to maintain security integrity of information systems processing classified information.
– Conducting vulnerability scans and recognizing vulnerabilities in security systems
– Perform cyber defense trend analysis and reporting.
– Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk.
– Knowledge and understanding of cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
– Provide Configuration Management input for security–relevant information system software, hardware, and firmware; Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
– Provide input to the Risk Management Framework process activities and related documentation (e.g., system life–cycle support plan) Requirements:
– Communicate complex information, concepts, or ideas in a confident and well–organized manner through verbal, written, and/or visual means.
– Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
– Ability to exercise judgment when policies are not well–defined.
– Knowledge of new and emerging IT and cybersecurity technologies.
– Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.
– Experience with Risk Management Framework (RMF), NIST SP 800–53, 800–171, Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker.
– Knowledge of Assessment & Authorization (A&A) process.
– Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
– BS in Computer Science or equivalent field of study and 5 years related experience.
– In accordance with DoD 8570.01M, the selected candidate must meet certification requirements as a condition of employment.
– Possess and maintain an active Top Secret level security clearance. Preferred Qualifications:
– Ability to contribute in a dynamic high tempo operational environment.
– Ability to correlate operational concepts and apply appropriate security measures to mitigate threats or vulnerabilities.
– Knowledge of computer networking concepts and protocols, and network security methodologies.
– Knowledge of authentication, authorization, and access control methods.
– Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross–site scripting).
– Knowledge of incident response and handling methodologies.
– Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
– Knowledge of cyber defense and information security policies, procedures, and regulations (e.g., RMF).
– Knowledge of Intrusion Detection System (IDS)/Intrusion.
– Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory service.
– Excellent organizational/communications skills and the ability to effectively interact with staff at all levels.
– Certified Information Systems Security Professional (CISSP)
– Information Systems Security Engineering Professional (ISSEP)
– DOD Information Technology Security Certification and Accreditation Process (DITSCAP)
– DOD Information Assurance Certification and Accreditation Process (DIACAP)
– Familiarity with Nessus
– Have eMASS experience
– Built a classified network and attain accreditation