Date Posted:
2024-08-20Country:
United States of AmericaLocation:
PW100: East Hartford 400 Main Street, East Hartford, CT, 06118 USAPosition Role Type:
OnsitePratt & Whitney is working to once again transform the future of flight—designing, building and servicing engines unlike any the world has ever seen. And because transformation begins from within, we’re seeking the people to drive it. So, calling all curious.
Come ready to explore and you’ll find a place where your talent takes flight—beyond the borders of title, a country or your comfort zone. Bring your passion and commitment and we’ll welcome you into a tight-knit team that takes our mission personally. Channel your drive to make a difference into shaping an organization and an industry that’s evolving fast to the future.
At Pratt & Whitney, the difference you make is on display every day. Just look up. Are you ready to go beyond?
What You Will Do:
The Information Systems Security Engineer (ISSE) will function as a Subject Matter Expert (SME) for information systems security control methods, mitigations, and tools throughout a systems’ lifecycle in compliance with U.S. Department of Defense (DoD) security laws, regulations and guidelines. The ISSE will participate in projects, guide and counsel internal customers, assist in developing and maintaining cross-security enclave processes and standards, and provide training and guidance on tools and methods to other members of the cybersecurity team.
- Under the direction of the Enclave Senior Manager serve as an information systems security lead for information technology-related projects supporting the ME portfolio of programs. Ensure delivery of required RMF artifact elements for new information systems are compiled and provided to the respective ISSM for inclusion in RMF packages to be submitted for an ATO.
- Influence and guide team project teams architecting and designing information systems solutions in the employment of configuration options, processes and tools that align with applicable DoD policies and regulations. Collaborate with system engineers, developers and system administrators to resolve compliance issues through mitigation and remediation plans.
- Develop, assess, verify, and manage the implementation of information system security-related tools, measures and controls in compliance with applicable DoD and Corporate policies, standards and procedures. Periodically review existing systems for opportunities to reduce effort, risk and/or mistake-proof methods and procedures through process improvement.
- Architects automated technical solutions to enhance internal Continuous Monitoring strategies and improve process workflows.
- Lead the effort in closing out POA&M items for Enclave information systems that are associated with technology-related control items.
- Assist the Enclave Senior Manager in developing and reviewing polices, plans, procedures, and standard work related to information systems security measures and configurations in accordance with applicable DoD policies and regulations tied to the Risk Management Framework (RMF).
- Assist in overseeing and managing the patch management process and execution across all security enclaves. Collaborate with peer GSC ISSEs and Corporate equivalents for alignment and sharing of best practices.
- Partner with other GSC ISSEs in participating and supporting the threat intelligence program. Collaborate with GSC ISSE peers, Corporate equivalents and the Insider Threat Program Security Officer (ITPSO) for alignment and sharing of best practices.
- In collaboration with the incident response manager, coordinate and/or perform incident response containment, eradication, and recovery tasks involving classified systems and/or spills of classified data to unauthorized systems. Support the respective security enclaves in information systems security-related inspection preparations as needed.
- In close collaboration with peer GSC ISSEs, assist in developing and maintaining standards for information security methods and tools. Work with the Enclave Senior Manager and Associate Director, GSC Cybersecurity in authoring and maintaining associated training content.
Qualifications You Must Have:
- Bachelors Degree or equivalent experience and minimum 8 years prior relevant experience, or An Advanced Degree in a related field and minimum 5 years experience.
- U.S. citizenship is required, as only U.S. citizens are authorized to access information under this program/contract.
- Able to obtain a current Secret-level U.S. government security clearance with ability to obtain a Top Secret-level clearance.
- Ability to obtain access to Special Access Programs.
- 2+ years hands-on experience in an ISSO, ISSM and/or ISSE role or equivalent.
- 4+ years’ combined hands-on experience in systems administration/engineering and/or cybersecurity support role for a combination of servers, desktop computers, operating systems, and virtual computing, preferably of information systems supporting classified programs or activities.
- Certifications equivalent to or exceeding DoD 8570.01-M IAT Level II functional and baseline certification requirements.
Preferred Qualifications:
- Expert-level experience administering and maintaining Splunk Enterprise deployments across enterprise networks; including experience developing custom ingestion pipelines, data visualizations, and leveraging scripts to create custom data inputs.
- Strong experience leveraging scripting languages such as (but not limited to) bash, Python, and PowerShell to automate process workflows.
- Experience performing network traffic analysis using tools like Wireshark to understand communication flows and identify vulnerabilities.
- Strong understanding of common vulnerabilities (e.g., buffer overflows, SQL injection) and how exploits are developed.
- Strong history of architecting technical solutions to enhance the overall security posture of an organization.
- Knowledgeable in MITRE ATT&CK framework and how threat actors leverage TTPs to exploit information systems, applications, and networks.
- Experience leveraging vulnerability scanning solutions like Tenable/Nessus, OpenVAS, ACAS to identify and remediate information system vulnerabilities.
- Proficiency in programming languages like Python, C/C++, Java.
- Ability to develop, document and interpret network and wiring diagrams; system, subsystem and device security architectures down to the board level; and data flow diagrams.
- Experience working with virtualization software and virtualized environments such as ESXi, VMWare, VirtualBox, and Hyper-V.
- Splunk (Core Certified Power User, Enterprise Certified Admin, Enterprise Certified Architect).
- GIAC certifications (GSEC, GCIH, GCFE, GPYC, GPEN, GMON).
- CompTIA (Sec+, CySA+).
Learn More & Apply Now
Innovation through diversity of thought. At Pratt & Whitney, we believe diversity of thought enables creativity, innovation, and a foundation for inclusion. By fostering an inclusive culture, we accept a shared accountability and responsibility to recognize, sponsor, coach, hire and promote talent equally. We welcome our employees to be their whole - best - selves at work because trust, respect and integrity, are a part of our DNA.
- What is my Role Type? In addition to transforming the future of flight, we are also transforming how and where we work. We’ve introduced role types to help you understand how you will operate in our blended work environment. This role is: Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance workers, as they are essential to the development of our engines.
- Candidates will learn more about role type and current site status throughout the recruiting process. For onsite and hybrid roles, commuting to and from the assigned site is the employee’s personal responsibility.
The salary range for this role is 96,000 USD - 200,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.
Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.
Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.
This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.
RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.
RTX is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Privacy Policy and Terms:
Click on this link to read the Policy and Terms