Scientist, Information Security Systems Engineering

Job Title: Scientist Information Security Systems Engineering (ISSE)

Job Code: 39847

Job Location: Colorado Springs CO

Job Schedule: 9/80

Job Description:

L3Harris is seeking a Senior Cybersecurity Engineer to lead cybersecurity strategy and execution for the MOSSAIC Portfolio. This leader applies current systems security engineering methods practices and technologies to the architecture design development evaluation and integration of systems and networks to maintain system security.

Throughout the system lifecycle this leader will partner closely with customers to ensure security protection needs concerns and requirements are defined and implemented with appropriate fidelity and rigor early and in a sustainable manner that enables security authorization of systems of interest.

This role takes ownership of integrating multiple security methods into a cohesive system security perimeter and environment including the policies and procedures necessary to monitor and maintain such an environment. The position represents program security needs concerns and requirements directly to customers. The ideal candidate is a strategic thinker with deep cybersecurity engineering expertise who scales vertically as a leader: operating hands-on at the technical level when programs need it stepping back to drive strategy when the mission requires it and coaching and developing the team at every level.

Essential Functions:

CYBERSECURITY TECHNICAL LEADERSHIP & ARCHITECTURE

• Lead portfolio-level cybersecurity strategy and execution for all security-related activities across the MOSSAIC Portfolio. Provide technical architectural oversight on the design development and integration of cybersecurity solutions that meet mission needs while maintaining compliance with DoD standards NIST Risk Management Framework (RMF) and Cybersecurity Maturity Model Certification (CMMC) frameworks.
• Partner with cross-functional teams to identify develop and integrate cybersecurity policies principles requirements and architectures across system lifecycle phases. Drive the development of processes procedures and technical work instructions to ensure security is embedded throughout portfolio activities.
• Develop and maintain long-range cybersecurity risk burn-down roadmaps that systematically address technical debt and vulnerabilities while balancing program schedule and resource constraints. Translate strategic security objectives into executable technical plans that deliver measurable risk reduction.

AUTHORIZATION ACCREDITATION & COMPLIANCE

• Lead Risk Management Framework (RMF) authorization and accreditation (A&A) efforts guiding systems through RMF Steps 1-4: system categorization for Confidentiality Integrity and Availability (CIA); security control selection and baseline definition; control implementation across computing and network nodes; and security assessment coordination. Develop comprehensive Basis of Evidence (BoE) packages that enable Authority to Operate (ATO) decisions.
• Manage A&A package processing in eMASS (Enterprise Mission Assurance Support Service) ensuring documentation accuracy completeness and alignment with customer timelines and government requirements. Prepare Certification and Accreditation documentation using multiple standards including DoD 8510 and Committee on National Security Systems Instruction (CNSSI) 1253.
• Drive Cybersecurity Maturity Model Certification (CMMC) implementation across portfolio systems ensuring certification standards are met. Partner with program leadership to align CMMC compliance efforts with contract requirements and customer expectations.
• Lead adoption of Zero Trust Architecture (ZTA) principles across system design and operations ensuring least-privilege access continuous verification and assume-breach security postures are embedded in technical solutions and operational practices.

VULNERABILITY MANAGEMENT & SECURITY OPERATIONS

• Own vulnerability management strategy and execution including tracking vendor-released security patches Common Vulnerabilities and Exposures (CVEs) Information Assurance Vulnerability Management (IAVMs) and hardware/software obsolescence. Analyze security assessment results and drive timely remediation while minimizing operational disruption.
• Oversee configuration and use of cyber defense and vulnerability assessment tools including Assured Compliance Assessment Solution (ACAS). Translate scan results into prioritized remediation plans with clear risk trade-offs and implementation timelines.
• Ensure Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) are applied to system configurations with appropriate rigor and documented evidence for assessment.

DEVSECOPS & APPLICATION SECURITY

• Oversee Static Application Security Testing (SAST) processes for Application Security and Development STIG compliance using tools such as Fortify. Ensure portfolio-wide code scanning practices identify security issues early and review summary reports that translate technical findings into risk insights for leadership decision-making.
• Champion DevSecOps best practices partnering with development teams to embed security testing into automated pipelines. Guide DoD software selection and approval processes for Commercial Off-The-Shelf (COTS) Government Off-The-Shelf (GOTS) and Free and Open-Source Software (FOSS).

PROGRAM MANAGEMENT COST & SCHEDULE LEADERSHIP

• Serve as Control Account Manager (CAM) for cybersecurity work packages within the programs Earned Value Management System (EVMS). Analyze Variance Analysis Reports (VARs) provide data-driven schedule inputs and make trade-off decisions on scope schedule and resources while maintaining acceptable risk posture and program quality objectives.
• Conduct portfolio oversight to identify opportunities for staffing efficiencies prevent cost overruns optimize resource allocation within budget constraints and make strategic workforce decisions that balance technical capability with financial performance.
• Develop Basis of Estimate (BOE) for cybersecurity engineering efforts translating security requirements into labor estimates resource forecasts and timeline projections that support program planning and customer negotiations.
• Lead security engineering activities including requirements development design test planning configuration management and maintenance of information systems and data. Ensure cybersecurity is integrated into the broader system engineering lifecycle not treated as a standalone discipline.

BUSINESS CONTINUITY & MISSION RESILIENCE

• Analyze problems to identify root causes rather than symptoms applying rigorous engineering thinking to cybersecurity challenges. Develop recommendations on new products emerging security technologies and portfolio-level processes that improve security outcomes while supporting mission objectives.

STAKEHOLDER ENGAGEMENT & TECHNICAL COMMUNICATION

• Represent portfolio cybersecurity needs concerns and requirements directly to customers ensuring their security priorities are understood documented and addressed with appropriate technical fidelity throughout the system lifecycle.
• Conduct briefings to senior leadership program managers and customers on cybersecurity status accreditation schedules vulnerability management progress and risk posture. Translate complex technical security concepts into business impacts and decision-quality information.
• Chair and participate in Configuration Working Groups (CWGs) Cybersecurity Working Groups and Engineering Review Boards (ERBs). Drive implementation of cybersecurity lessons learned across systems ensuring theorganization benefits from past experience and avoids repeating mistakes.
• Influence cross-functional stakeholders to adopt security best practices accept new concepts and implement process improvements. Build credibility through demonstrated expertise transparent communication and consistent follow-through on commitments.

LEADERSHIP & ADVISORY

• Serve as the portfolio directors principal cybersecurity advisor providing executive-level guidance on all cybersecurity matters and serving as the authoritative decision-maker for portfolio-wide cyber engineering standards DoD policy compliance CMMC alignment and cybersecurity acquisition requirements.
• Manage a distributed cybersecurity team across multiple MOSSAIC product lines. Ensure Information Security Systems Engineers (ISSEs) on each product line execute their responsibilities and meet customer security requirements.

Collaborate with cross-functional disciplines across product lines to integrate cybersecurity into program execution.

• Lead mentor and develop cybersecurity discipline talent fostering a culture of technical excellence continuous learning and security-first thinking. Scale engagement from hands-on technical work to strategic direction based on mission needs.

This position is performed 100% on-site and cannot be accomplished remotely.

Qualifications:

• Education:
  • Bachelors Degree and minimum 12 years of prior relevant experience OR
  • Graduate Degree and a minimum of 10 years of prior related experience OR
  • In lieu of a degree minimum of 16 years of prior related experience.
• Active SECRET security clearance required with ability to obtain TS/SCI.
• DoD 8140.03 IAT Level 3 or IASAE Level 2 certification required.

Preferred Additional Skills:

• Model-Based Systems Engineering (MBSE) and Digital Engineering methodologies experience.
• Hands-on experience with Windows and Linux system administration and security hardening.
• Deep understanding of engineering processes concepts and information security systems engineering principles (NIST Special Publication (SP) 800-160 Volume 1).
• System test and evaluation methods and RMF assessment methodology expertise.
• Demonstrated experience with Agile system development methodologies CI/CD toolchains and DevSecOps automation frameworks.
• Understanding of system vulnerabilities exploitation techniques and offensive security tradecraft.
• Experience working with U.S. Space Force Combat Forces Command (CFC) Mission Delta 2 (MD2).
• Top Secret / SCI clearance desired.

In compliance with pay transparency requirements the salary range for this role in Colorado state is $133000-$247000. This is not a guarantee of compensation or salary as final offer amount may vary based on factors including but not limited to experience and geographic location. L3Harris also offers a variety of benefits including health and disability insurance 401(k) match flexible spending accounts EAP education assistance parental leave paid time off and company-paid holidays. The specific programs and options available to an employee may vary depending on date of hire schedule type and the applicability of collective bargaining agreements.

The application window for this position will close on 8/22/2026.