Information Systems Security Engineer ISSE (Expert)
BAE Systems USA - herndon, VA
Apply NowJob Description
Job Description BAE Systems, a top-ten prime contractor to the U.S. Department of Defense, enables the U.S. government to transform data into intelligence and provides engineering, integration and sustainment support for critical military platforms and systems. Intelligence & Security provides services and products to the Department of Defense, the government, federal law enforcement officials, and troops deployed around the world. At BAE Systems, we promote a strong, collaborative culture and provide our employees with the tools, skills and training they need to succeed. We are all about trust, camaraderie, and a shared ambition to lead the world in defense technologies and national security services. We offer flexible work environment to support the balance in your life and keep you performing at your best. Be a part of a company that is part of the community; driven to improve our future and protect our freedom. We are actively seeking Information Systems Security Engineers (ISSE) with a minimum of eleven (11) years experience. This opportunity is supporting the customer s Accreditation and Authorization (A&A) projects at the Group organizational level and is therefore supporting across various levels within the customer organization. Bachelor's or Master s Degree are preferred in one or more disciplines but can be waived if the candidate has previous ISSE experience with relevant skills / tools as the customer. ABC Required Education, Experience, & Skills Possess multi-tasking skills, be able to handle multiple A&A systems / projects simultaneously, as well as being a good communicator / facilitator. Comfortable communicating at all levels from developer / engineer to senior contractor / customer staff Knowledge of complex network environments involving shared networks and multiple security enclaves Possess the ability to bridge the technical implementation (i.e. engineering talk) into commonly understood security verbiage. Often this is a skillset and is not an actual language, frequent translation or a basic understand needs to be conveyed by the ISSE when speaking with others or when communicating in writing in order to ensure it s easy to understand at all levels. Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for the various Assessment and Authorization (A&A) efforts Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to write the Systems Security Plans (SSP) / CONOPS Gather the information by working with various systems owners, project managers, and engineering team members in order to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP s), etc. Support Accreditation and Authorization (A&A) reviews by Group level ISSMs and Security Controls Assessors (SCA) Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.e. evidence gathering from the system owners, PMs, and engineering teams) Coordinating with various contractor and customer personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer s A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), and Authority to Operate (ATO) for each of the primary and secondary assigned systems Keep track of where each of the various A&A projects are within the customer s A&A process and be able to fluently discuss the status at all levels Provide appropriate support for ATO'ed systems that are in continuous monitoring Preferred Education, Experience, & Skills Previous ISSE experience directly supporting the customer Various security tools and reports such as GreenLight, Xacta, RoadRunner, Illuminate, Rapid 7, NMAP, WebInspect, App Detective, and Splunk Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.) Basic knowledge is helpful, but not required for the following general topics: Cloud security control implementation, PKI implementation, STIG compliance and vulnerability management, and Security, Development and Operations (SecDevOps) CISSP or GSLC certifications AWS Certified Security Specialty Microsoft Office products at the expert level (Word, Excel, PowerPoint) Pay Information Full-Time Salary Range: $$239140 Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20 hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics. Information Systems Security Engineer ISSE (Expert) 106864BR EEO Career Site Equal Opportunity Employer. Minorities . females . veterans . individuals with disabilities . sexual orientation . gender identity . gender expression
Created: 2024-11-05