Engineer II - Information Systems Security

Company:  Ball Aerospace

Boulder, CO, US, 80301

Date:  Jun 2, 2023
Job Category:  Engineering/ Technical
Req. ID:  25833

Clearance Requirement:   A current, active TS/SCI security clearance is required.


Ball Aerospace is powered by endlessly curious people with an unwavering mission focus. We pioneer discoveries that enable our customers to perform beyond expectation and protect what matters most. We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely.


At our core, we're passionate, committed people who believe together we can achieve extraordinary things. We work collaboratively with each other, our customers and partners to solve the world's greatest challenges. That means listening to one another, providing feedback and partnering across all levels. We value our inclusive culture where everyone is heard equally and creativity thrives. Each team member is fully invested in our mission and we bring an energy to work every day that propels our business and motivates us all to Go Beyond.®


For more information, visit Ball Aerospace Career Site or connect with us on LinkedIn, Facebook, Twitter or Instagram.


The Security and Mission Assurance Strategic Capabilities Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge.


Engineer II – Information Systems Security


Perform the engineering of information security functions, address the security aspects associated with the engineering of non-security functions, and protect the integrity of intellectual property and otherwise sensitive data, information, technologies, and methods utilized as part of the end-to-end mission assurance effort.


What You’ll Do:


  • Serve as an information systems security engineer for a national program, consulting on the development, integration, and configuration of information systems.
  • Apply extensive technical expertise in support of the development of System Security documentation, and implement the program security plans, policies, and procedures necessary to ensure compliance with all company and government requirements.
  • Coordinate security-related activities with the government security stakeholders, Information System Owner (ISO), Information Systems Security Officer (ISSO), Information System Security Manager (ISSM), and Common Control Provider (CCP).
  • Lead Risk Management Framework (RMF) Assessments and Authorization (A&A) efforts, to include POA&M mitigation, the Continuous Monitoring program, and interfacing with government counterparts.
  • Develop and update information security policy documentation for the contract, ensuring that it aligns with best practices and remains consistent with the current operating environment.
  • Apply best practices and processes to capture, refine, and assist in the prioritization of requirements based on risk, engineering principles, and mission requirements.
  • Work alongside as a developer/engineer to provide enhanced security architectures, development tools, and information systems to facilitate secure missions.
  • Develop, configure, maintain, and monitor system security architectures, identify vulnerabilities, and provide suggested mitigation alternatives.
  • Participate in design, development, and implementation of information systems to ensure these systems follow required security features and safeguards.
  • Evaluate vulnerability and compliance scan results and work with system developers and system administrators to eliminate or mitigate findings.
  • Generate Assessment & Authorization (A&A) documentation and artifacts (e.g., System Security Plans, Network Interface Planning Documents) for import / upload to the Xacta tool.
  • Propose categorization of information systems based on types of information processed, in conjunction with DAO Representatives and ISOs.
  • Coordinate with appropriate Security Control Assessors (SCAs) early in engineering design phase for ongoing coordination, understanding of development and application of security controls, and security tradeoffs and other decisions.
  • Maintain a comprehensive and holistic system view while addressing stakeholder security risks and concerns regarding information integrity and assurance implementation through the application of Systems Engineering skills.
  • Ensure that relevant threat and vulnerability data is considered in support of information security decisions.
  • Provide input to requirements, engineering, and risk trade space analyses to achieve a cost-effective security architectural design for protections that enable mission success.
  • Promote development of a strong team by participation in key aspects of the project and mentoring more junior team members.
  • Develop detailed development schedules and manage team activities to meet delivery milestones.
  • Maintain a regular and predictable work schedule.
  • Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Capabilities Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
  • Perform other duties as necessary.


What You’ll Need:


  • BS degree or higher in Engineering or a related technical field is required plus 5 or more years related experience.
  • Each higher-level degree, i.e., Master’s Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
  • A current, active TS/SCI security clearance is required.
  • Demonstrated excellent interpersonal, communication, and presentation skills, and ability to lead group discussions.
  • Demonstrated competency in engineering related functional or cross-functional security areas (e.g., security engineering, IT operations security design, cybersecurity).
  • Working knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
  • Working knowledge of ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures.
  • Working knowledge of DoD/IC system security control requirements, roles, missions, and operational enterprise architecture.
  • Working knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Working knowledge of network access, identity, and access management (e.g., PKI).
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
  • Ability to write CTPs based on DISA STIGs and to execute CTPs for witness testing.
  • Ability to work with engineers and system administrators to correct scan findings / system vulnerabilities.
  • Working knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization guidelines) relating to system design.
  • Ability to translate security requirements into functional requirements and options for developers.
  • Understanding of security control inheritance from enterprise security services, and ability to communicate it to developers.
  • Experience using NESSUS / Security Center.
  • DevSecOps experience.
  • Amazon Web Services experience.
  • Experience working in the Government Cloud (GovCloud) environment.
  • Willingness to complete CISSP, CASP CE, CSSLP, or DoDD 8140 (DoDD 8570) IA SAE level I, level II, or level III certification.
  • SANS SEC 504, SEC 545, or SEC 501 preferred.
  • AWS Certification (Developer, DevOps, or Architect) or equivalent certification preferred.
  • ISC2 CCSP or CSA CCSK preferred.


Full-Time On-Site Work Environment: This position requires regular in-person engagement by working on-site full-time. Travel and local commute between Ball campuses and other possible non-Ball locations may be required.


Working Conditions:


  • Ball Aerospace is a drug-free workplace, which is imperative to the health and safety of all employees and is required as a condition of receiving contracts from federal agencies. Please remember that regardless of the legalization of marijuana in Colorado and other states, possession and use continues to be illegal under the federal Controlled Substances Act. This includes the use of some CBD products. A post-offer, pre-employment drug test is a condition of employment.
  • Work is performed in an office, laboratory, production floor, clean room, outdoor, or remote research environment.
  • May occasionally work in production work centers where use of protective equipment and gear is required.
  • May access other facilities in various weather conditions.


Verification that your current security clearance or government customer access meets the requirement for this position will be required.


Relocation for this position is available. 


Compensation & Benefits:


  • HIRING SALARY RANGE: $108,000 - $133,500 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.)
  • This position includes a competitive benefits package. For details, copy and paste into your browser or visit our careers site.




Ball Aerospace is an Equal Opportunity/Affirmative Action Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

