BAE Systems USA
Information Systems Security Engineer (ISSE)
BAE Systems USA, Sterling, Virginia, United States, 22170
Information Systems Security Officer (ISSO)
At BAE Systems, we promote a strong, collaborative culture and provide our employees with the tools, skills, and training they need to succeed. We are all about trust, camaraderie, and a shared ambition to lead the world in defense technologies and national security services. We offer a flexible work environment to support the balance in your life and keep you performing at your best. Be a part of a company that is part of the community; driven to improve our future and protect our freedom. Our Sterling, VA based team supports a US Government (USG) agency program that engineers, deploys, and maintains a cloud-based Model Based Systems Engineering Ecosystem (DEE). We are seeking an Information Systems Security Officer (ISSO) to monitor and maintain the programs' security posture. The ISSE will work in coordination with fellow members of the project team and external service providers in accordance with the NIST 800-171 Risk Management Framework (RMF) and USG instructions. Responsibilities include: Lead the charge for achieving Authority to Operate (ATO) and collaborate with the Information Security Officer (ISO) to maintain ATO Maintain security-related records Monitor the project's information system security posture Perform continuous monitoring (ConMon) using enterprise Information Assurance (IA) tools Audit event log data for indications of unauthorized computer activity using analysis software Audit vulnerability and compliance scan results to identify threats using scanning software Validate administrative and operational security controls implementation Coordinate with the technical team to remediate vulnerability and compliance related findings Create body of evidence (BOE) documentation in support of ConMon and system authorization packages Attend security-related meetings with customer and external service providers Provide security design guidance and analysis to ensure alignment with customer's security practices Single point of contact on all accreditation and continuous monitoring activities Manage privilege user nomination process Contribute to documentation such as system security plans (SSP) and standard operating procedures (SOP) POA&M development and implementation Ensure implementation and validation of security controls that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation Required Education, Experience, & Skills: Minimum of Bachelor's Degree plus 7 years relevant experience 5 years Information Assurance / Information System Security experience Possess a DoD 8140 Cyber Workforce IAT Level II or IAM Level 1 certification Set and self-manage professional development & education goals Ability to prioritize competing demands and complete tasks on schedule Work as part of a team and independently without direct supervision Understanding of the NIST 800-171 Risk Management Framework Experience in administration of mixed Windows and Linux environments Experience using vulnerability scanning tools, such as Nessus Knowledge of STIG compliance and vulnerability management Ability to analyze technical content to determine if it meets the customer's defined security requirements Outstanding written and oral communications skills Listen and ask clarifying questions as needed Speak in group settings Draft clear, concise, and grammatically correct documentation Maintain organized and complete records Knowledge of the complex environment involving shared networks and multiple security enclaves Knowledge of engineering for cyber engineering and integration services including security, authentication, identity management, authorization, and access control engineering Self-starter able to work independently and build relationships with technical reps across divisions, comfortable with cyber security and able to brief issues to the customer Over 5 years of experience working on Intelligence Community enterprise infrastructure and engineering programs Knowledge of cloud security controls and implementation Preferred Education, Experience, & Skills: AWS Certified Security Specialty CISSP Experience with implementation or administration of AWS Cloud Security Services Experience using Security Information and Event Management (SIEM) tools, such as Splunk Experience using Risk Management Framework Workflow Management Tool, such as ServiceNow Experience with: Security Control Testing Vulnerability Analysis Critical Incident Response Pay Information: Full-Time Salary Range: $130355 - $221603. Please note: this range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics. About BAE Systems Intelligence & Security: BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a teammaking a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference. Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we dofrom intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.
At BAE Systems, we promote a strong, collaborative culture and provide our employees with the tools, skills, and training they need to succeed. We are all about trust, camaraderie, and a shared ambition to lead the world in defense technologies and national security services. We offer a flexible work environment to support the balance in your life and keep you performing at your best. Be a part of a company that is part of the community; driven to improve our future and protect our freedom. Our Sterling, VA based team supports a US Government (USG) agency program that engineers, deploys, and maintains a cloud-based Model Based Systems Engineering Ecosystem (DEE). We are seeking an Information Systems Security Officer (ISSO) to monitor and maintain the programs' security posture. The ISSE will work in coordination with fellow members of the project team and external service providers in accordance with the NIST 800-171 Risk Management Framework (RMF) and USG instructions. Responsibilities include: Lead the charge for achieving Authority to Operate (ATO) and collaborate with the Information Security Officer (ISO) to maintain ATO Maintain security-related records Monitor the project's information system security posture Perform continuous monitoring (ConMon) using enterprise Information Assurance (IA) tools Audit event log data for indications of unauthorized computer activity using analysis software Audit vulnerability and compliance scan results to identify threats using scanning software Validate administrative and operational security controls implementation Coordinate with the technical team to remediate vulnerability and compliance related findings Create body of evidence (BOE) documentation in support of ConMon and system authorization packages Attend security-related meetings with customer and external service providers Provide security design guidance and analysis to ensure alignment with customer's security practices Single point of contact on all accreditation and continuous monitoring activities Manage privilege user nomination process Contribute to documentation such as system security plans (SSP) and standard operating procedures (SOP) POA&M development and implementation Ensure implementation and validation of security controls that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation Required Education, Experience, & Skills: Minimum of Bachelor's Degree plus 7 years relevant experience 5 years Information Assurance / Information System Security experience Possess a DoD 8140 Cyber Workforce IAT Level II or IAM Level 1 certification Set and self-manage professional development & education goals Ability to prioritize competing demands and complete tasks on schedule Work as part of a team and independently without direct supervision Understanding of the NIST 800-171 Risk Management Framework Experience in administration of mixed Windows and Linux environments Experience using vulnerability scanning tools, such as Nessus Knowledge of STIG compliance and vulnerability management Ability to analyze technical content to determine if it meets the customer's defined security requirements Outstanding written and oral communications skills Listen and ask clarifying questions as needed Speak in group settings Draft clear, concise, and grammatically correct documentation Maintain organized and complete records Knowledge of the complex environment involving shared networks and multiple security enclaves Knowledge of engineering for cyber engineering and integration services including security, authentication, identity management, authorization, and access control engineering Self-starter able to work independently and build relationships with technical reps across divisions, comfortable with cyber security and able to brief issues to the customer Over 5 years of experience working on Intelligence Community enterprise infrastructure and engineering programs Knowledge of cloud security controls and implementation Preferred Education, Experience, & Skills: AWS Certified Security Specialty CISSP Experience with implementation or administration of AWS Cloud Security Services Experience using Security Information and Event Management (SIEM) tools, such as Splunk Experience using Risk Management Framework Workflow Management Tool, such as ServiceNow Experience with: Security Control Testing Vulnerability Analysis Critical Incident Response Pay Information: Full-Time Salary Range: $130355 - $221603. Please note: this range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics. About BAE Systems Intelligence & Security: BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a teammaking a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference. Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we dofrom intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.