Draper · 2 weeks ago
Senior System Security Engineer
Cambridge, MA
Full-time
Onsite
Mid, Senior Level
$82K/yr - $206K/yr
3+ years expDraper is an independent, nonprofit research and development company headquartered in Cambridge, MA. They are seeking a Senior System Security Engineer to guide and facilitate concept development, mission-system analysis, and requirement definition & compliance for critical cyber resilient technologies. The role involves leveraging system security best practices to protect information and network infrastructure, as well as mentoring less experienced engineers.
Defense & Space
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Leveraging System Theoretic Process Analysis (STPA) for Attack Surface Analysis (ASA) to improve 'blue team' designs and attack vector insights
On-time delivery and maturating of System Security work packages such as: Attack Surface Traceability | Security Requirements | Security Architecture | Off-Nominal & Contingency scenarios | Anomaly Management policies
Socializing and demystifying System Security, Cybersecurity, & Cryptography best practices and techniques to internal cross-disciplinary stakeholders such as: System Architecture | Avionics | Software | Hardware design teams
Advocating for System Security best practices, to internal and external stakeholders & customers
Quick turn application of critical thinking for problem framing, analyzing, and synthesizing complex problems qualitatively and quantitatively
Documenting insights, findings, lessons learned, and maintaining a knowledge base of contributions within Draper’s collaborative Digital Engineering tool suite
Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems
Design computer security strategy and engineer comprehensive cybersecurity architecture
Identify, define and document system security requirements and recommend solutions to management
Monitor systems for irregular behavior and set up preventive measures
Plan, develop, implement and update company’s information security strategy
Educate and train staff on information system security best practices
Able to take ownership of assignments and guide others as needed; successfully lead tasks while tracking priorities, scope, cost and schedule
Derive plans and approaches to solving complex problems across a program lifecycle, capturing all assumptions and adapting appropriately to changes in requirements with limited direction
Independently contributes high quality content for technical reports and presentations which shows an understanding of their task and an awareness of the intended audience. Demonstrates both confidence and success when presenting technical information during meetings with internal and external stakeholders
Identify program/system-level technical risks and develop and execute mitigation strategies for them
Actively mentor less experienced engineers and provide thoughtful, constructive feedback
Qualification
Required
Requires a bachelor's degree in Electrical Engineering, Computer Engineering, Mechanical Engineering, Systems Engineering, Applied Physics, or related field
Bachelor's degree requires 5-10 years' experience of working on System Security Engineer or other relevant position
Master's degree requires 3-5 years' experience of working on System Security Engineer or other relevant position
Applicants selected for this position will be required to obtain and maintain a government security Government security clearance
Preferred
Proficiency applying System Theoretic Process Analysis for Security (STPA-Sec) to industry challenge problems
Proficiency with Model-based System Engineering toolkits, such as Cameo/MagicDraw, DOORs/DoorsNG, Jama Connect for the purposes of attack surface modeling and rapid impact & gap analysis for validation
An astute understanding of the applications of cryptography for complex weapon and space systems, cryptographic key management, Public Key Infrastructure (PKI) and the NSA's Key Management Infrastructure
Experience documenting compliance towards parent specifications and standards (i.e.: NIST SP 800.160, NIST Cybersecurity Framework (CSF) 2.0, DoD Cyber Tabletop Guide, NIST SP 800-57, NIST 800.53 & Risk Management Framework (RMF), MITRE Attack Framework, and DoD Instruction 3150.02)
Proficiency in requirement derivation, definition, and analysis for System Security, Network Security, and Data Security needs
Experience integrating vulnerability remediation, risk mitigation, and incident response within the Systems Engineering process
Experience drafting innovative R&D proposals to commercial government sponsors
Benefits
Workplace flexibility
Employee clubs ranging from photography to yoga
Health and finance workshops
Off site social events
Discounts to local museums and cultural activities
Company
Draper
We Engineer Solutions for the Nation’s Toughest Problems As an independent nonprofit engineering innovation company, Draper provides engineering services directly to government, industry, and academia.
1001-5000 employees
Funding
Current Stage
Late StageLeadership Team
Jerry Wohletz
President and Chief Executive Officer
Brenan McCarragher
Chief Technology Officer
Recent News
Business Journals
2024-03-28
2024-02-28
Company data provided by crunchbase