The Cybersecurity Risk Management Framework Researcher in the Test Engineering Division (TEN) will work with sponsor engineers to ensure cyber-resiliency and cybersecurity for contracts, test strategies/plans, system-specific requirements, and cybersecurity strategies for Electronic Warfare, Avionics, and Communications systems acquisition programs. Additionally, the position will serve as the Information System Security Manager (ISSM) for Department of Defense (DoD) networks, information systems, and embedded electronics systems. These systems provide DoD components with critical services and military aircraft with offensive and defensive capabilities.
The Cybersecurity Risk Management Framework Researcher will be responsible for a portfolio of programs potentially spanning Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP)/Special Access Required (SAR) levels. Additionally, the candidate will support information system life cycle activities from scoping systems for new programs and preparing Risk Management Framework (RMF) packages to regular maintenance, support, and upgrades of systems during program execution to program close-out and de-certification activities.
- Perform cybersecurity research for government-sponsored projects
- Serve as ISSM for DoD networks, information systems, and embedded electronics systems
- Ensure system security measures comply with applicable government policies
- Examine system implementations of cybersecurity controls for their applicability and level of effectiveness
- Maintain a thorough understanding of National Institute of Standards and Technology (NIST) 800-53 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM)
- Provide support to the program lead for maintaining appropriate information assurance (IA) posture for programs
- Conduct reviews and technical inspections (as prescribed by the program lead or the customer) to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional
- Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems
- Draft and/or prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, RAR, SCTM)
- Perform other duties as assigned
Education & Length of Experience
Research Engineer/Scientist/Technologist/Associate I
- A Bachelor's degree in Cybersecurity, Information Technology, Electrical Engineering, Computer Engineering, Mathematics, Computer Science, Business Administration, or related field.
Research Engineer/Scientist/Technologist/Associate II
- A Master’s degree in Cybersecurity, Information Technology, Electrical Engineering, Computer Engineering, Mathematics, Computer Science, Business Administration, or related field and three (3) years of relevant full-time experience after completion of that degree,
- A Master’s degree in Cybersecurity, Information Technology, Electrical Engineering, Computer Engineering, Mathematics, Computer Science, Business Administration, or related field and five (5) years of relevant full-time experience after completion of a Bachelor’s degree, or
- A Doctoral degree in Cybersecurity, Information Technology, Electrical Engineering, Computer Engineering, Mathematics, Computer Science, Business Administration, or related field.
Required Minimum Qualifications
- Candidates currently enrolled in an accredited Bachelor's degree with a graduation date of December 2021 and skills relevant to this position will be considered.
- Familiar with RMF documentation, NIST controls, and/or information system compliance (ISO, HIPAA, PCI DSS, etc.).
- Familiar with system accreditation, security analysis, information assurance, and/or cybersecurity
- Working knowledge of information systems, hardware, software, databases, or system administration.
- Experience with NIST, RMF, and/or eMASS
- IAM Level II or Level III certification (CAP, CASP+, CISM, CISSP, GSLC, CCISO)
- Experience preparing and conducting technical presentations
U.S. Citizenship Requirements
Due to our research contracts with the US federal government, candidates for this position are required to be US Citizens.
Clearance Type Required
Candidates must be able to obtain and maintain an active security clearance.
Safer Federal Workforce Executive Order
Presidential Executive Order 14042 requires most federal contractors, including federal contractors within the University System of Georgia, to comply with Covid-19 guidance from the Safer Federal Workforce Task Force (“Task Force”). Georgia Tech must ensure that all employees covered under the Executive Order (“covered employees”), including those working remotely in the United States, are fully vaccinated by January 19, 2022, or by their first day of work in a covered role.
This position is covered by the Executive Order. Accommodations or exemptions for medical conditions can be requested by individuals who would otherwise be covered but have a disability, medical condition, or sincerely held religious belief, practice, or observance.
Details of the order can be found here.
Benefits at GTRI
Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://hr.gatech.edu/benefits
Diversity & Inclusion
Diversity & Inclusion (D&I) at Georgia Tech Research Institute aims to enhance the Institute’s mission of solving the world’s most complex technical problems by creating a workforce with a shared appreciation for diversity, raising awareness around inclusiveness, and fostering a sense of belonging and appreciation for all members of our community.
Equal Employment Opportunity
Georgia Tech Research Institute is an Equal Opportunity Employer of individuals with disabilities and protected veterans and actively seeks diversity among its employees. Equal Employment Opportunity is the Law.