Scientist, Information Security Systems Engineering

Job Title: Scientist, Information Security Systems Engineering (ISSE) Job Code: 39847 Job Location: Colorado Springs, CO Job Schedule: 9/80 Job Description: L3Harris is seeking a Senior Cybersecurity Engineer to lead cybersecurity strategy and execution for the MOSSAIC Portfolio. This leader applies current systems security engineering methods, practices, and technologies to the architecture, design, development, evaluation, and integration of systems and networks to maintain system security. Throughout the system lifecycle, this leader will partner closely with customers to ensure security protection needs, concerns, and requirements are defined and implemented with appropriate fidelity and rigor early and in a sustainable manner that enables security authorization of systems of interest. This role takes ownership of integrating multiple security methods into a cohesive system security perimeter and environment, including the policies and procedures necessary to monitor and maintain such an environment. The position represents program security needs, concerns, and requirements directly to customers. The ideal candidate is a strategic thinker with deep cybersecurity engineering expertise who scales vertically as a leader: operating hands-on at the technical level when programs need it, stepping back to drive strategy when the mission requires it, and coaching and developing the team at every level. Essential Functions:

CYBERSECURITY TECHNICAL LEADERSHIP & ARCHITECTURE

Lead portfolio-level cybersecurity strategy and execution for all security-related activities across the MOSSAIC Portfolio. Provide technical architectural oversight on the design, development, and integration of cybersecurity solutions that meet mission needs while maintaining compliance with DoD standards, NIST Risk Management Framework (RMF), and Cybersecurity Maturity Model Certification (CMMC) frameworks. Partner with cross-functional teams to identify, develop, and integrate cybersecurity policies, principles, requirements, and architectures across system lifecycle phases. Drive the development of processes, procedures, and technical work instructions to ensure security is embedded throughout portfolio activities. Develop and maintain long-range cybersecurity risk burn-down roadmaps that systematically address technical debt and vulnerabilities while balancing program schedule and resource constraints. Translate strategic security objectives into executable technical plans that deliver measurable risk reduction.

AUTHORIZATION, ACCREDITATION & COMPLIANCE

Lead Risk Management Framework (RMF) authorization and accreditation (A&A) efforts, guiding systems through RMF Steps 1-4: system categorization for Confidentiality, Integrity, and Availability (CIA); security control selection and baseline definition; control implementation across computing and network nodes; and security assessment coordination. Develop comprehensive Basis of Evidence (BoE) packages that enable Authority to Operate (ATO) decisions. Manage A&A package processing in eMASS (Enterprise Mission Assurance Support Service), ensuring documentation accuracy, completeness, and alignment with customer timelines and government requirements. Prepare Certification and Accreditation documentation using multiple standards including DoD 8510, and Committee on National Security Systems Instruction (CNSSI) 1253. Drive Cybersecurity Maturity Model Certification (CMMC) implementation across portfolio systems, ensuring certification standards are met. Partner with program leadership to align CMMC compliance efforts with contract requirements and customer expectations. Lead adoption of Zero Trust Architecture (ZTA) principles across system design and operations, ensuring least-privilege access, continuous verification, and assume-breach security postures are embedded in technical solutions and operational practices.

VULNERABILITY MANAGEMENT & SECURITY OPERATIONS

Own vulnerability management strategy and execution, including tracking vendor-released security patches, Common Vulnerabilities and Exposures (CVEs), Information Assurance Vulnerability Management (IAVMs), and hardware/software obsolescence. Analyze security assessment results and drive timely remediation while minimizing operational disruption. Oversee configuration and use of cyber defense and vulnerability assessment tools including Assured Compliance Assessment Solution (ACAS). Translate scan results into prioritized remediation plans with clear risk trade-offs and implementation timelines. Ensure Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) are applied to system configurations with appropriate rigor and documented evidence for assessment.

DEVSECOPS & APPLICATION SECURITY

Oversee Static Application Security Testing (SAST) processes for Application Security and Development STIG compliance using tools such as Fortify. Ensure portfolio-wide code scanning practices identify security issues early, and review summary reports that translate technical findings into risk insights for leadership decision-making. Champion DevSecOps best practices, partnering with development teams to embed security testing into automated pipelines. Guide DoD software selection and approval processes for Commercial Off-The-Shelf (COTS), Government Off-The-Shelf (GOTS), and Free and Open-Source Software (FOSS).

PROGRAM MANAGEMENT, COST & SCHEDULE LEADERSHIP

Serve as Control Account Manager (CAM) for cybersecurity work packages within the program's Earned Value Management System (EVMS). Analyze Variance Analysis Reports (VARs), provide data-driven schedule inputs, and make trade-off decisions on scope, schedule, and resources while maintaining acceptable risk posture and program quality objectives. Conduct portfolio oversight to identify opportunities for staffing efficiencies, prevent cost overruns, optimize resource allocation within budget constraints, and make strategic workforce decisions that balance technical capability with financial performance. Develop Basis of Estimate (BOE) for cybersecurity engineering efforts, translating security requirements into labor estimates, resource forecasts, and timeline projections that support program planning and customer negotiations. Lead security engineering activities including requirements development, design, test planning, configuration management, and maintenance of information systems and data. Ensure cybersecurity is integrated into the broader system engineering lifecycle, not treated as a standalone discipline.

BUSINESS CONTINUITY & MISSION RESILIENCE

Analyze problems to identify root causes rather than symptoms, applying rigorous engineering thinking to cybersecurity challenges. Develop recommendations on new products, emerging security technologies, and portfolio-level processes that improve security outcomes while supporting mission objectives.

STAKEHOLDER ENGAGEMENT & TECHNICAL COMMUNICATION

Represent portfolio cybersecurity needs, concerns, and requirements directly to customers, ensuring their security priorities are understood, documented, and addressed with appropriate technical fidelity throughout the system lifecycle. Conduct briefings to senior leadership, program managers, and customers on cybersecurity status, accreditation schedules, vulnerability management progress, and risk posture. Translate complex technical security concepts into business impacts and decision-quality information. Chair and participate in Configuration Working Groups (CWGs), Cybersecurity Working Groups, and Engineering Review Boards (ERBs). Drive implementation of cybersecurity lessons learned across systems, ensuring the organization benefits from past experience and avoids repeating mistakes. Influence cross-functional stakeholders to adopt security best practices, accept new concepts, and implement process improvements. Build credibility through demonstrated expertise, transparent communication, and consistent follow-through on commitments.

LEADERSHIP & ADVISORY

Serve as the portfolio director's principal cybersecurity advisor, providing executive-level guidance on all cybersecurity matters and serving as the authoritative decision-maker for portfolio-wide cyber engineering standards, DoD policy compliance, CMMC alignment, and cybersecurity acquisition requirements. Manage a distributed cybersecurity team across multiple MOSSAIC product lines. Ensure Information Security Systems Engineers (ISSEs) on each product line execute their responsibilities and meet customer security requirements. Collaborate with cross-functional disciplines across product lines to integrate cybersecurity into program execution. Lead, mentor, and develop cybersecurity discipline talent, fostering a culture of technical excellence, continuous learning, and security-first thinking. Scale engagement from hands-on technical work to strategic direction based on mission needs. This position is performed 100% on-site and cannot be accomplished remotely. Qualifications: Education: Bachelor's Degree and minimum 12 years of prior relevant experience, OR Graduate Degree and a minimum of 10 years of prior related experience, OR In lieu of a degree, minimum of 16 years of prior related experience. Active SECRET security clearance required with ability to obtain TS/SCI. DoD 8140.03 IAT Level 3 or IASAE Level 2 certification required. Preferred Additional Skills: Model-Based Systems Engineering (MBSE) and Digital Engineering methodologies experience. Hands-on experience with Windows and Linux system administration and security hardening. Deep understanding of engineering processes, concepts, and information security systems engineering principles (NIST Special Publication (SP) 800-160 Volume 1). System test and evaluation methods and RMF assessment methodology expertise. Demonstrated experience with Agile system development methodologies, CI/CD toolchains, and DevSecOps automation frameworks. Understanding of system vulnerabilities, exploitation techniques, and offensive security tradecraft. Experience working with U.S. Space Force Combat Forces Command (CFC) Mission Delta 2 (MD2). Top Secret / SCI clearance desired. In compliance with pay transparency requirements, the salary range for this role in California, Massachusetts, New Jersey, Washington, and the Greater D.C, Denver, or NYC areas is $153,500 - $284,000. The salary range for this role in Colorado state, Hawaii, Illinois, Maryland, Minnesota, New York state, Cleveland Ohio, and Vermont is $133,000 - $247,000. This is not a guarantee of compensation or salary, as final offer amount may vary based on factors including but not limited to experience and geographic location. L3Harris also offers a variety of benefits, including health and disability insurance, 401(k) match, flexible spending accounts, EAP, education assistance, parental leave, paid time off, and company-paid holidays. The specific programs and options available to an employee may vary depending on date of hire, schedule type, and the applicability of collective bargaining agreements.