A System Security Engineer (SSE) is the individual responsible for ensuring an acquisition program adheres to system security standards that are appointed by the Program Manager (PM) thru System Security Engineering. They ensure system security requirements are identified and included in all program documents and requirements are implemented throughout the systems engineering process. They also design, evaluate and test systems security to ensure data and system integrity for an organization and/or system. Responsibilities include designing and monitoring computer security systems, organizational users, and visitors. This requires testing, updating, modifying, encryption and authentication.
Guide: USAF Weapon System PP and SSE Guidebook v2.0
Topics that the System Security Engineer (SSE) need to understand and address are:
- Program Protection Plan (PPP): Helps with the development of the PPP and it remains current and informed by the SE reviews, constraints and decisions. They also ensure emerging threats are continually assessed and incorporated in requirements/design.
- Information Assurance: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation (DoD 8500.01E: Information Assurance)
- Cyber Security: Measures taken to protect a computer, networks, or information on a computer system (as on the internet) and electronic information storage facilities belonging to, or operated by or for, the DoD or US Government, against unauthorized access, or attack, or attempts to access
- System Assurance: The justified confidence that the system functions as intended and is free of exploitable vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system at any time during the life cycle (NDIA Engineering for System Assurance Guidebook)
- System Security Engineering: An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities
AcqLinks and References: