BAE Systems
Job Description
How does it feel to work on a team driven to make a big impact? Empowering. At BAE Systems, our teams are the root of our success in delivering life‑saving products to our nation's military. We are hiring an IT Security Specialist to serve as the Information Systems Security Officer (ISSO). The ISSO will be responsible for ensuring the security and integrity of our organization’s information systems and data. The ideal candidate will have a strong technical background and a passion for information security.
In this job, you will be responsible for:
System Security Oversight: Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security plan.
Program Implementation: Verify the implementation of delegated aspects of the system security program.
Account Management: Ensure proper account management documentation is completed prior to adding and deleting system accounts.
Documentation Management: Verify all system security documentation is current and accessible to properly authorized individuals.
Risk Assessment and Mitigation: Conduct periodic assessments of authorized systems, identify vulnerabilities, and provide corrective actions to the Information System Security Manager (ISSM).
Audit and Compliance: Ensure audit records are collected and analyzed in accordance with the security plan.
Incident Response: Report all security‑related incidents to the ISSM.
System Recovery: Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
Change Management: Formally notify the ISSM of any changes to a system that could affect authorization.
Configuration Control: Serve as a member of the Configuration Control Board (CCB), if designated by the ISSM.
Expanded Responsibilities
Security Policy and Compliance
Conduct regular reviews and updates of security policies to ensure they remain relevant and effective.
Collaborate with stakeholders to ensure that security policies are aligned with organizational goals and objectives.
Provide guidance and training to employees on security policies and procedures.
Risk Management
Identify, assess, and mitigate potential security risks to the organization's information systems and data.
Conduct risk assessments and threat modeling to identify potential vulnerabilities and threats.
Develop and implement risk mitigation plans to address identified risks.
Monitor and review risk mitigation plans to ensure they are effective.
System Security
Ensure the security and integrity of information systems, including networks, servers, workstations, and applications.
Conduct regular security assessments and vulnerability scans to identify potential vulnerabilities.
Implement security controls, such as firewalls, intrusion detection systems, and access controls.
Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
Incident Response
Develop and implement incident response plans to respond to security incidents, including data breaches and system compromises.
Identify and classify security incidents and activate incident response plans as needed.
Collaborate with incident response teams to contain and mitigate incidents.
Conduct post‑incident reviews to identify lessons learned and areas for improvement.
Vulnerability Management
Execute the continuous monitoring strategy.
Identify and remediate vulnerabilities in information systems and applications.
Conduct regular vulnerability scans and penetration testing to identify potential vulnerabilities.
Develop and implement vulnerability remediation plans to address identified vulnerabilities.
Collaborate with IT teams to ensure that vulnerabilities are remediated in a timely and effective manner.
Security Awareness and Training
Develop and implement security awareness and training programs for employees and contractors.
Provide regular security training and awareness programs to educate employees on security best practices.
Collaborate with HR and training teams to ensure that security training is integrated into employee onboarding and ongoing training programs.
Audit and Compliance
Ensure user activity monitoring data is analyzed, stored, and protected in accordance with policies and procedures.
Coordinate with internal and external auditors to ensure compliance with security policies, procedures, and regulatory requirements.
Conduct regular security audits and assessments to identify potential security risks and vulnerabilities.
Develop and implement audit and compliance plans to address identified risks and vulnerabilities.
Technical Security
Provide technical security expertise, including threat analysis, vulnerability assessment, and penetration testing.
Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
Conduct regular security testing and vulnerability assessments to identify potential security risks and vulnerabilities.
Communication and Collaboration
Communicate security risks and vulnerabilities to stakeholders, including senior management and employees.
Collaborate with IT teams, stakeholders, and external partners to ensure that security is integrated into organizational initiatives.
Develop and maintain relationships with external security partners and vendors.
Continuous Improvement
Complete required training identified in the ISSM Required Training Table within 6 months of appointment.
Continuously monitor and review security policies, procedures, and controls to ensure they remain effective.
Identify areas for improvement and develop plans to address them.
Collaborate with stakeholders to ensure that security is integrated into organizational initiatives and that security risks are managed effectively.
Job Title: IT Security Spec Prin
Postal Code: 55369
Job Family: IT Security
Travel Percentage: 25%
Clearance Level – Must be able to obtain for position: Top Secret
Shift: 1st Shift
Regular or Temporary: Regular
Typical Education and Experience: Typically a Bachelor's Degree and 6 years work experience or equivalent experience
Required Skills and Education
Bachelor's Degree and 6 years work experience or equivalent experience
Experience in Information Security
Experience in vulnerability/risk analysis
Experience in security policy, risk management, and system security
Experience in reports such as System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and/or System Requirements Traceability Matrix (SRTM)
Experience in security information and event management (SIEM) systems
Strong understanding of operating systems (Windows, Linux, etc.)
Familiarity with network protocols and architectures
Ability to work in a fast‑paced environment and prioritize multiple tasks
Excellent communication and interpersonal skills
Strong analytical and problem‑solving skills
Ability to obtain and retain a security clearance
U.S. Citizen
Preferred Skills and Education
Degree in Computer Science, Information Assurance, or a related field
Certifications: CompTIA Security+ or CISSP or CISM
Experience with Department of War classified systems such as SIPRNet.
Experience with NIST Cybersecurity Framework and other security frameworks
Proficient in Python, PowerShell, or other scripting languages
About BAE Systems Platforms & Services Posting BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it’s what we do at BAE Systems. Working here means using your passion and ingenuity where it counts – defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team—making a big impact on a global scale. At BAE Systems, you’ll find a rewarding career that truly makes a difference.
The Platforms & Services (P&S) sector under BAE Systems, Inc does the big stuff: the armored combat vehicles, naval guns, missile launchers, and ship repair…just to name a few. Our employees take pride in the work they do and why they do it. They are on the front lines every day, building our products to protect the lives of those who serve. We may be biased, but we think P&S does some of the coolest work around, and we think you will too.
Department: 32SEC_P&S CMS Security
Company: 130_BAE Systems Land&Armaments LP
Posting Requirements: Internal/External
Job Category: Other Professionals
U.S. Person Required: Yes
Business Area: Combat Mission Systems
Physical location of the job: Full-time onsite
Salary Max Point: 196825
Salary Min Point: 115779
Union Job: None
Recruiter: Jenny Ridings
U.S. Citizenship Required: Yes