· Kansas City National Security Campus (KCNSC) is responsible for producing technologies (systems, sub-systems, and components) that are critical to national security. Our state-of-the-art manufacturing, testing, and R&D facilities are integrated through digitalnetworks and complex industrial control systems. KCNSC works in close partnership with other world-class plants and laboratories, as well as industry, through government-certified networks. Cutting-edge digital systems (software and hardware) increase our productivity and performance; they also introduce cybersecurity and supply-chain risk to our sensitive information and automated processes. We seek to fill two technical positions for digital system security experts.
· Due to current and dynamic spectrum of threats posed on the nation’s Nuclear Security Enterprise, the Nuclear Enterprise Assurance (NEA) program has been established to mitigate potential consequences and threats to the nation’s supply chain security. With a strong focus to the deterrence mission, this department continues to grow and impact the KCNSC.
· The growing NEA group is hiring a qualified Principle Software Assurance Engineer to evaluate, address and document software risks across the KCNSC or as associated with New Product Introduction and/or Legacy weapon programs. A Principle Software Assurance Engineer’s key responsibility is to prevent the introduction of malicious software into the Nuclear Security Enterprise (NSE) supply chain, directly supporting the National Nuclear Security Administration’s mission. Engineering oversight and technical evaluation is required across organization lines to understand, define, and apply engineering systems rigor, assess technical priorities, drive efficiencies, continuous improvements, and leverage evolving integrated systems engineering and engineering business management models to advocate customer requirements and expectations from an NEA perspective. This role requires experience in software life cycle management, project leadership, cross-functional teaming, and direct customer interface.
Summary of Duties:
· Develop and maintain a world-class understanding of cyber/digitalthreats
· Represent KCNSC in government, academic, and industry software assurance working groups
· Assess the security of digital systems, including both software and firmware
· Provide security recommendations that address adversarial capabilities
· Develop and test “inherently secure” digital system architectures for digital plant equipment
· Evaluate Operational Technologyrisk
· Reverse engineer software applications, operating systems, and/or embedded systems
· Serve as a subject matter expert for internal and external programs
· Advise senior leadership and functional areas (e.g., procurement) on digital/software risk
You Must Have:
· U.S. citizenship in order to obtain and maintain US Dept of Energy "Q"-level government security clearance
· BS in Engineering (Computer Engineering, Electrical Engineering, or Computer Science) or Physics from an ABET accredited institution
· At least seven (7) years of experience in one or more of the following areas: Auditing source code, building tools to support vulnerability analysis, fuzzing complex programs, analyzing network protocols, developing Windows or Linux drivers, formal analysis/verification of software of protocols, or similar areas.
· At least 5 years of engineering experience in a technical leadership capacity (i.e. Project Manager, Principal Engineer, Project Lead, or Technical Lead)
· Existing US Dept. of Energy Q-level and TS/SCI security clearances
· MS in Engineering (Computer Engineering, Electrical Engineering, or Computer Science) or Physics from ABET accredited institution
· Experience with C/C++, scriptinglanguages, and assembly (e.g. ARM, MIPS, PowerPC, 8051, x86)
· Experience with Field Programmable Gate Array hardware and software languages (VHDL, Verilog, etc.)
· A demonstrated ability to develop technical ideas, methodology, test plans, and related results and present them in oral and written form
· Ability to perform effectively in a highly collaborative, cross functional, and team-oriented environment
· Aptitude and desire to lead (technical direction, project leader, program leader, mentor, or educator)
· Experience or training in one or more of the following areas: operating systems internals, operating systems development, virtualization, reverse engineering, software vulnerability assessment, computer networking, computer architecture, cryptographic systems or protocols, software defined networking, network function virtualization, or compilers.
· Familiarity with state-of-the-art mitigations (ASLR, DEP, sandboxing, code signing, CFI, etc.) and the attached techniques they are intended to thwart (overflows, information disclosure, etc.)
· Experience using analysis, reverse engineering, and debugging tools such as angr, BAP, IDA Pro, gdb, Hopper, libVMI, lldb, LLVM sanitizer, otool, objdump, PINtools, or sindbg
· Experience with testing software hardware and software such as National Instruments (PXI platform, TestStand, or LabView), Agilent, Tektronix, VTI Instruments, Fluke, etc.
Must have or be eligible for asecurity clearance due tocontractual requirements. ExemptSoftware architecture and codingAbility to code in multiple languatesAnalytical skills & software development skillsRequirements and design