Information System Security Engineer

Role and Responsibilities

Job Description

Who We Are:

• CAE Vision: Our vision is to be the worldwide partner of choice in defense and security, civil aviation, and healthcare by revolutionizing our customers' training and critical operations with digitally immersive solutions to elevate safety, efficiency and readiness.
• CAE Defense & Security Mission: CAE's Defense and Security business unit focuses on helping prepare military customers to develop and maintain the highest levels of mission readiness.
• CAE Values: Empowerment, Innovation, Excellence, Integrity and OneCAE make us who we are and we strive to make a difference in the world while helping each other succeed.

What We Have to Offer:

• Comprehensive and competitive benefits package and flexibility that promotes work-life balance
• A work environment where all employees are valued, respected and safe
• Freedom to succeed by enabling team members to deliver, take initiatives and make decisions
• Recognition, professional development, advancement and having fun!

Summary

Seeking an experienced cybersecurity professional to provide technical expertise for the design, development, integration, testing, and fielding of Department of Defense (DoD) compliant Information Systems and solutions used in military training systems.

Essential Duties and Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Ensure that SSE processes are aligned to, and adequately documented in the IS's Systems Engineering Plan, Program Protection Plan, and assist as needed in other technical documentation for security engineering inputs and review (e.g. ISP, CSP).
• Support systems engineering technical reviews (SETR) by ensuring that entry and exit criteria include cybersecurity and are satisfied, and that design documentation meets the specified cybersecurity requirements.
• Ensure that security requirements and technical security controls are properly allocated and documented in design specifications, technical publications, and manuals, etc.
• Ensure security requirements and technical security controls are properly allocated and implemented in logistics, configuration management, or program planning documents incorporating cybersecurity considerations throughout the lifecycle of the system.
• Ensure that security requirements and technical security controls have been communicated and are reflected in the IS's requirements database.
• Designs, develops, and implements security measures that support software assurance and software security to ensure proper security design of applications and remediation of security defects in the IS's code base.
• Perform threat modelling, design threat models, and participate in anti-tamper design of systems IAW Anti-Tamper Executive Agent (ATEA) guidance.
• Support assessment and authorization (A&A) of IS (or IS contained in security authorization boundaries) ensuring cybersecurity is included in the design architecture and SDLC.
  • Perform information type and system categorization security impact that provide confidentiality, integrity, and availability (CIA), security control overlay selection, and technical security control tailoring
  • Design technical security architecture implementations, security integrations, system hardening guidance, threat countermeasures, and provide mitigation support for un-remediated system vulnerabilities to lower risk impact to systems
  • Provide security engineering support of cybersecurity test plans/procedures to ensure security requirements are verified and validated as designed.
  • Develop Risk Assessment Reports (RAR), Security Assessment Plans (SAP), Security Assessment Reports (SAR), Security Control Traceability Matrices (SCTM), and Security Impact Analyses (SIA).
  • Assist in technical inputs for development of System Security Plans (SSP) and other applicable documentation pertaining to Information System (IS) authorizations and system security design.
  • Assist and define technical measures that ensure proper disposal of IS.
• Communicate with other engineering and architecting disciplines, customers, and authorization officials to convey cybersecurity aspects, design, implementation, and mitigations.
• Provide governance and technical advice on selection of cybersecurity products and cybersecurity-enabled products acquired and used in the IS.
• Support future business initiatives in working proposal efforts.

Qualifications and Education Requirements

• Bachelor's degree in a technical field, such as Cybersecurity, Electrical Engineering, Systems Engineering, or Computer Science
• Possess an active security clearance
• Possess an active IASAE level II or III certification in accordance with DoDD 8140.01, Cybersecurity Workforce Management and DoD 8570.01-M, Information Assurance Workforce Improvement Certification
• 10 years of relevant, demonstrable experience in fields of cybersecurity, anti-tamper, or engineering computer technology
• Knowledge in the following areas:
  • Knowledge of computer networking concepts and protocols and network security methodologies.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of integrating the organization's goals and objectives into the architecture.
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cybersecurity principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of cybersecurity-enabled software products.
  • Knowledge of specific operational impacts of cybersecurity lapses.
• Skills in the following areas:
  • Skill in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Skill in translating operational requirements into protection needs (i.e., security controls).
• Abilities in the following areas:
  • Ability to design architectures and frameworks.
  • Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Ability to apply an organization's goals and objectives to develop and maintain architecture.

• Due to U.S. Government contract requirements, only U.S. citizens are eligible for this role.

Preferred Skills

• JSIG compliance and implementation experience
• Proficiency in anti-tamper techniques for verification and protection of Critical Program Information (CPI) per DoDI 5200.39
• Systems Administrator, Software Engineering, and/or Network Engineering Experience
• Significant knowledge of Security Technical Implementation Guides (STIGs)
• Master's Degree in a technical field
• Design and Architect experience of cybersecurity solutions
• Multiple DoD 8570.01-M certifications
• Prior experience utilizing systems engineering principles for requirements on a technical effort
• Previous experience developing and accessing various artifacts such as SOWs, requirements, and test documents
• Experience with DOORS requirements management software
• Experience in eMASS and Xacta RMF flow software
• Experience in cybersecurity activities associated with aircraft and aircraft simulators/training devices
• Ability to travel up to 15%

Security Responsibilities

Must complywith all company security and data protection / usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside company without management approval. All government and proprietary information will be accessed and stored electronically on company provided resources.

• Incumbent must be eligible for DoD Personal Security Clearance.

Due to U.S. Government contract requirements, only U.S. citizens are eligible for this role.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

• Ability to site for extended periods of time
• Ability to stand for extended periods of time
• Ability to lift 25 lbs. to various heights

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.

CAE USA Inc. is an EOE/AA employer and gives consideration for employment to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you'd like more information about your EEO rights as an applicant under the law, please click here Know Your Rights: Workplace Discrimination is Illegal.

PAY TRANSPARENCY NONDISCRIMINATION PROVISION The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

Position Type

CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.

Equal Employment Opportunity

At CAE, everyone is welcome to contribute to our success. With no exception.

As captured in our overarching value "One CAE", we're proud to work as one passionate, boundaryless and inclusive team.

At CAE, all employees are welcome regardless of race, nationality, colour, religion, sex, gender identity or expression, sexual orientation, disability, neurodiversity or age.

The masculine form may be used in this job description solely for ease of reading, but refers to men, women and the gender diverse.