Job Description ** This position can be based out of Sterling, VA, Rockville, MD, or Pensacola, FL. This position is eligible for maximum telework (>50%). **
This BAE Systems program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this effort, you will serve as an Information Systems Security Officer who will support the Agile Release Trains (ART) in defining security requirements, translating RMF related governance and policies as well as supporting the reduction of cybersecurity risks to our customer's environments. As an Information Systems Security Officer (ISSO), your responsibilities will include:
* Managing all aspects of an organization's information security system, for classified and unclassified systems, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches.
* Understanding the Risk Management Framework (RMF), and how risk management is executed, what risk means, and how to analyze it.
* Spearheading Authority to Operate (ATO) and/or Authority to Proceed (ATP) efforts while making independent recommendations to Government Leads during these processes.
* Conducting risk analysis from vulnerability and compliance scans, pen testing results, or other audit activity.
* Creating written works to include but not limited to Plan of Action and Milestones, System Security Plans, System Specific Policies and Procedures, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
* Participating in Agile Planning Events to provide technical input. Required Education, Experience, & Skills Bachelor's degree and 7 years work experience or equivalent experience or 10 years related work experience, to include:
* Being a self-starter who's able to work in both independent and team environments while building work relationships with SMEs across divisions. Additionally, must be comfortable with cyber security and able to brief issues to the customer.
* The ability to articulate and provide a true and accurate status update on government IT systems security posture as well as overall system health to the customer in a clear and concise manner.
* Experience executing the NIST Risk Management Framework (RMF) and applying security practices found in NIST publications. (i.e. SP 800-53, SP 800-30, SP 800-60, FIPS 199, FIPS 140-2, etc.)
* Experience documenting System Security Plans to include security control implementation statements. * Experience conducting periodic reviews of implementation statements to ensure persistent compliance with applicable government and agency level policies in addition to ISO and NIST standards.
* Experience validating the implementation of security controls within a cloud environment (AWS or Azure).
* Supporting the security assessment and authorization (or ATO) process.
* Analyzing testing results from scans, audits, penetration tests, or other test efforts to determine risk levels.
* Hands-on experience with vulnerability management tools such as Tenable Nessus and Security Center.
* Conducting Continuous Monitoring and maintaining the security posture of IT systems within on-prem, cloud, and hybrid environments. * Knowledgeable on one or more cloud computing services and technologies including but not limited to: AWS, Microsoft Azure, VMware, etc.
* Familiarization with the Microsoft Office 365 Suite. (i.e. Word, PowerPoint, SharePoint, Excel, etc.) Preferred Education, Experience, & Skills * Cyber program experience within federal customer space a plus!
* Familiarization with Scaled Agile Frameworks (SAFe), agile development principles, and DevSecOps methodologies are a plus!
* Experience with managing vulnerabilities on virtualized IT systems and assets or virtual machines (i.e. VDI and VMware.) is a plus!
* Experience with SAFe Agile tools like Jira, Jira Align, or ServiceNow.
* Certifications such as CISSP, CCSP, AWS, Microsoft Azure, CISA, CAP, and SAFe 6 are highly desired. Pay Information
Full-Time Salary Range: $112420 - $191070 Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20 hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics. About BAE Systems Intelligence & Security BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference. Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. Our Commitment to Diversity, Equity, and Inclusion:
At BAE Systems, we work hard every day to nurture an inclusive culture where employees are valued and feel like they belong. We are conscious of the need for all employees to see themselves reflected at every level of the company and know that in order to unlock the full potential of our workforce, everyone must feel confident being their best, most sincere self and be equipped to thrive. We provide impactful professional development experiences to our employees and invest in social impact partnerships to uplift communities and drive purposeful change. Here you will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, grow and belong.