Cyber Eng Sr Prin II
BAE Systems
- Herndon, VA
- Permanent
- Full-time
- Possess a proficiency in multi-tasking, as well as being a good communicator/facilitator. Comfortable communicating at all levels from engineer to senior staff.
- Possess the ability to bridge the technical implementation (i.e., engineer talk) into commonly understood security wording and communicate security working to others not familiar with security. Often this is a skillset and is not an actual language, but frequently translation or a basic understanding needs to be conveyed by the ISSE when speaking with others or in writing the documentation in order to ensure it's easy to understand.
- Possess a demonstrated skillset in documenting the various security control implementations as well as gathering the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts.
- Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to represent the system's architecture in the customer's security tracking application.
- Gather the information by working with various team members in order to write various additional A&A related documents such as Contingency Plan (CP), Configuration Management Plan (CMP), Privileged User Guide (PUG), Standard Operating Procedures (SOPs), etc.
- Support Accreditation and Authorization (A&A) reviews by the ISSM, as well as the Security Controls Assessor (SCA) and auditors.
- Document the Risk Elements coming out of the Assessment and make Plans of Actions and Milestones (POA&Ms) timeframe and plan recommendations, implementation responses or mitigations, as well as provide all required artifacts (i.e., evidence gathering from the teams).
- Coordinate with various contractor and staff personnel to obtain the A&A content, as well as work with various customer organizations to navigate the customer's A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
- Keep track of where each of the various A&A projects is within the customer's A&A process in order to know when it's time to re-submit for accreditation or an accreditation extension.
- Support all activities associated with the ATO Continuous Monitoring process.
At BAE Systems, we work hard every day to nurture an inclusive culture where employees are valued and feel like they belong. We are conscious of the need for all employees to see themselves reflected at every level of the company and know that in order to unlock the full potential of our workforce, everyone must feel confident being their best, most sincere self and be equipped to thrive. We provide impactful professional development experiences to our employees and invest in social impact partnerships to uplift communities and drive purposeful change. Here you will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, grow and belong.
Job Family
Cyber Security Eng
Preferred Skills and Education
- Previous ISSE experience directly supporting the customer.
- Various security tools and reports such as Xacta, RoadRunner, Rapid7, WebInspect, AppDetective, and Splunk
- Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.)