Raytheon Technologies Cybersecurity - Senior Compliance & Risk Assessor (CRA) in Huntsville, Alabama
At Raytheon Missiles & Defense, fresh thinking and possibilities are forged in times of change and you will be on the front lines as we trailblaze new approaches, push the boundaries of innovation and chart a course to a tomorrow you can be proud to have a hand in creating.
When everything is connected, security is everything. That's why Raytheon Missiles and Defense (RMD) delivers solutions that protect every side of cyber for government agencies, businesses and nations. Protecting the most critical information, systems and operations with breakthrough solutions — to make the world a safer place. Join our diverse and dynamic team, where you will work in a place that is respectful and inclusive to solve some of the world’s toughest technical challenges. Our cybersecurity team is seeking a Compliance & Risk Assessor (CRA) for our Huntsville, AL, location. We offer competitive benefits and relocation assistance.
The CRA reports directly to the Information Systems Security Manager (ISSM), assists in the implementation and sustainment of the Cybersecurity Program and provides training and oversite to assigned Information Systems Security Officers (ISSO). The CRA is responsible to conduct cybersecurity operations across a wide spectrum of cyber disciplines in support of secure systems or networks. The CRA ensures the protection of data against unauthorized disclosure, accidental or intentional loss of data, or unauthorized modification. They evaluate system security configurations against applicable governing policies and perform compliance & vulnerability assessments in the context of company, industry and government standards. The CRA evaluates reported findings and collaborates with cross-function support to identify and implement solutions. They participate in the design and development of tools, systems, and policies for network and data monitoring, segmentation, access control and encryption. The CRA implements and sustains the Continuous Monitoring Plan as directed by the ISSM. They prepare and present technical reports and briefings and also serve in policy or governance positions as assigned.
Responsibilities to Anticipate:
Participates in interdepartmental projects and provides council on Cybersecurity policy and procedures
Trains and mentors junior team members
Interfaces with internal and external security personnel, customers, management, and U.S. Government representatives
Conducts training, briefings, presentations to various groups and audiences
Business travel as needed up to 20%
Perform other duties as assigned by the Information Systems Security Manager
Qualifications You Must Have:
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems Management, Management Information Technology, Criminal Justice, Business, Math or other degrees will be considered plus 6 years of directly related experience. In lieu of degree, will consider individuals with 14 years of cyber / systems security experience.
An advanced degree in a related field may be substituted for additional years of experience as follows: Master’s is equal to 2 years of experience or a Ph.D. is equal to 4 years of experience.
Currently possess DoD 8570.01-M IAM level I certified credentials (CompTIA Security+, etc.)
Experience in system hardening and auditing methods with various operating systems (e.g., Windows, Linux, UNIX, MacOS)
Past work experience with any combination of the following: network security architecture and/or systems security engineering concepts such as topology, protocols, components, and/or principles (e.g., application of defense-in-depth).
Experience with documentation and tools such as any of the following: DoD Manuals 8500 series, NIST Special Publications (800-53, 800-37, etc.) SNAC Guides, Nessus, SCAP, ACAS, etc.
An active and in-scope secret US security clearance
Qualifications We Value:
Experience implementing the NISPOM, JAFAN 6/3, DCID 6/3, JSIG, DAAPM, ICD-503 or equivalent requirements to include technical computer/network system auditing
Experience in professional engagements with internal and external customers (i.e. AOs, DAOs, SCAs, Program Managers, etc.), to include negotiating controls/requirements with government Contracting Activities
Experience in the execution of the Certification & Authorization processes, as defined within the Risk Managed Framework (RMF)
Experience in the execution of cybersecurity incident response and administrative inquiries/investigations
Experience in the execution of a continuous monitoring program (to include but not limited to self-inspections, security control assessments, training, log management systems, automated inventory utilities, etc.)
Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT)
Experience with various types of special test equipment (STE), and/or platform IT
What We Offer:
Whether you’re just starting out on your career journey or are an experienced professional, we offer a robust total rewards package that goes above and beyond with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs. Some of the superior benefits we offer include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care.
Check us out on YouTube!
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.