Ball Corporation / Ball Aerospace Senior Engineer - Software Security Systems in Broomfield, Colorado
Clearance Requirement: A current, active TOP SECRET security clearance is required.
Powered by endlessly curious people with an unwavering mission focus, Ball Aerospace pioneers discoveries that enable our customers to perform beyond expectation and protect what matters most.
We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely. For more information, visit Ball Aerospace Career Site at https://jobs.ball.com/aerospace/ or connect with us on LinkedIn at https://www.linkedin.com/company/ball-aerospace , Facebook at https://www.facebook.com/ballaerospace/ , Twitter at https://twitter.com/BallAerospace or Instagram at https://www.instagram.com/ballaerospace/ .
The Security and Mission Assurance Strategic Support Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge.
Senior Engineer – Software Security Systems
Responsible for assessing, defining, modeling, and analyzing software vulnerability trades against program requirements as they relate to assurance requirements and mission success. Work with New Business/Program personnel, Mission Assurance Manager and systems engineering to optimize trades and allocate hours early in the program, study, capture, and proposal phase to meet mission objectives by quantifying mission risk against software security requirements. Verify the deliverable product being delivered meets the quality and integrity requirements set forth in the requirements and Ball’s level of standard. Work with teams from Security, Supply Chain Risk Management, and the Mission Assurance Manager to relay any concerns or risks in the product development within Ball and outside vendors.
Implement a continuous improvement program flowing lessons learned into design and development CONOPs through the delivery of a product and the software development lifecycle. Ensure Ball mission coding standards align with programmatic and customer requirements. Interface with experts in the community to communicate Ball’s path forward and internally provide adjustments to the path. Engage with SSU and SBUs to leverage personal skillset to answer additional mission requirements related to software security being flown in new programs. Work with program and proposal managers to support cost and schedule estimates related to mission assurance related requirements.
What you’ll do:
•Maintain a comprehensive and holistic system view while addressing stakeholder security risks and concerns regarding software integrity and assurance implementation through the application of Systems Engineering skills.
•Ensure the effectiveness and suitability of the security elements within software of the systems as an enabler to mission success.
•Provide and communicate understanding of both the technical and programmatic aspects of a project to the project team as well as the customer.
•Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security consulting services.
•Understand application architectural patterns, such as MVC, Microservices, Event-driven etc
•Proven work experience as a software security engineer
•Assess application security posture through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities.
•Solid business acumen with ability to work with App Dev, QA and Security teams
•Promote development of a strong team by participation in key aspects of the project and mentoring junior team members.
•Continually integrate with current recommendations for continually improving software security. This can include NIST Software Development Framework, recommendations from DISA, or other similar publication.
•Support the generation of cost estimates for proposals.
•As needed: ◦Conduct static code analysis (SCA) per program requirements.
◦Create Static Code Analysis reports as needed in the desired format.
◦Work with Software teams to resolve open issues to meet customer risk posture on results of SCA.
◦Coordinate with development teams and other appropriate personnel as needed to provide adjudication for findings.
◦Provide input and support to Cyber Security Professionals for control responses.
•Maintain a regular and predictable work schedule.
•Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Support Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
•Perform other duties as necessary.
What you’ll need:
•BS degree or higher in Engineering or a related technical field is required plus 8 or more years related experience.
•Each higher-level degree, i.e., Master’s Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
•Degree in Software Engineering, Computer Science, or a related technical field is preferred.
•Experience working with Static Code Analysis tools is preferred
•Experience with embedded software development is desired
•Understand the Software Development Lifecycle and work with Software Engineering on tasks and time to ensure proper implementation.
•Experience with software development lifecycle tools (including bug tracking software) is desired.
•Experience with formal software development practices including the use of software version control, coding standards, and naming conventions.
•Ability to obtain a certified Secure Software Lifecycle Professional (CSSLP)
•Demonstrate excellent interpersonal skills, strong written, communication, oral presentations skills, and ability to lead group discussions.
•Work is performed in an office, laboratory, production floor, or clean room, outdoors or remote research environment.
•May occasionally work in production work centers where use of protective equipment and gear is required.
•May access other facilities in various weather conditions.
•Travel and local commute between Ball campuses and other possible non-Ball locations may be required.
Current Clearance Required:
Verification that your current security clearance or government customer access meets the requirement for this position will be required.
Relocation for this position is available
US CITIZENSHIP IS REQUIRED
Ball Aerospace is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Equal Opportunity Employer
Minority, Female, Disabled, Lesbian, Gay, Bi-sexual, Transgender and Veterans