JOB DESCRIPTION
Job Description
As an information systems security engineer (ISSE), you will support the customer in safeguarding networks against unauthorized modification, destruction, or disclosure.
Activities include but are not limited to :
- Conducting risk analysis on products reviewing CVEs, plugins, CWEs etc;
- Understanding how to explain and remediate the technical security controls;
- Facilitating Technical Insertions (the introduction of any new and / or improved hardware or software capabilities into an established operational system) for new products;
- Reviewing change requests for security impacts and technical documentation from a security perspective;
- Participates in Agile Planning Events to provide technical input
- Providing technical input into trade studies for tools;
- Providing technical expertise in implementation of technical security controls in government cloud environments (cloud security experience is highly desired);
- Researching, evaluating, testing, recommending, communicating, and implementing new security software or devices;
- Implementing, enforcing, communicating internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations;
- Managing all aspects of an organization's information security system, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches.
The ISSE supports the Information systems security officer (ISSO) in managing all aspects of an organization's information security system, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches.
The ISSE will support the ISSO in the following activities (including but not limited to) :
- Conducting risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses;
- Submitting monthly scan data in support of FISMA scorecard compliance requirements;
- Responding to data calls, scan requests and weekly and monthly reporting requirements.
Required Education, Experience, & Skills
Bachelor’s Degree with 7 years related experience
10 total years of experience in Information Assurance and IT Security
Experience with technical cloud security work.
Familiarity with JSON, YAML, HCL, and similar for cloud-related tasks and to structure exchange data over the internets.
Familiarity with infrastructure as Code (IaC) using Terraform AWS IaC, tool similar to AWS CloudFormation, to create, update, and version the AWS Architecture.
Familiarity with high level programming languages such as C++, C#, Java, Python, Perl, Ruby, Visual Basic
Pay Information
Full-Time Salary Range : $126610 - $215270
Please note : This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to : business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.
Employee Benefits : At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being.
Regular employees scheduled to work 20+ hours per week are offered : health, dental, and vision insurance; health savings accounts;
a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance.
Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave.
Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and / or job specifics.