BAE Systems, Inc. · 11 hours ago
Cyber Security SME
Wonder how qualified you are to the job?
Defense and Space Manufacturing
Insider Connection @BAE Systems, Inc.
Responsibilities
Possess multi-tasking skills, as well as be a good communicator/facilitator. Comfortable at all levels from developer to senior staff.
Knowledge of the complex network environments involving shared networks and multiple security enclaves.
Possess the ability to bridge the technical implementation (i.e. developer talk), into commonly understood security words.
Document the various security control implementations and gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts.
Document and obtain a general understanding of the architecture being developed for each project in order to write the Systems Security Plans (SSP)/CONOPS in the Greenlight application.
Gather information by working with various team members to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP’s), etc.
Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA).
Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.e. evidence gathering from the teams).
Coordinate with various contractor and staff personnel to obtain the A&A content, as well as work with various customer security organizations to navigate the customer’s A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
Keep track of where each of the various A&A projects are within the customer’s A&A process to know when it’s time to re-submit for accreditation or an accreditation extension.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Possess multi-tasking skills, as well as be a good communicator/facilitator. Comfortable at all levels from developer to senior staff.
Knowledge of the complex network environments involving shared networks and multiple security enclaves.
Possess the ability to bridge the technical implementation (i.e. developer talk), into commonly understood security words. Often this is a skillset and is not an actual language, but frequently translation or a basic understand needs to be conveyed by the ISSE when speaking with others or in writing the documentation in order to ensure it’s easy to understand.
Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts
Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to write the Systems Security Plans (SSP)/CONOPS in the Greenlight application.
Gather the information by working with various team members in order to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP’s), etc.
Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA)
Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.e. evidence gathering from the teams)
Coordinating with various contractor and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer’s A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
Keep track of where each of the various A&A projects are within the customer’s A&A process in order to know when it’s time to re-submit for accreditation or an accreditation extension.
Preferred
Previous ISSE experience directly supporting the customer
Previous ISSO experience directly supporting the customer is also helpful
Various security tools and reports such as Greenlight, RoadRunner, Rapid 7, WebInspect, App Detective, and Splunk
Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.)
Virtualization experience (VDI & VMWare)
Basic knowledge is helpful, but not required for the following general topics: Cloud security control implementation, PKI implementation, STIG compliance and vulnerability management, and Security Development and Operations (SecDevOps)
CISSP, or GSLC
AWS Certified Security Specialty
Basic Excel and Microsoft Office365
Benefits
Health insurance
Dental insurance
Vision insurance
Health savings accounts
401(k) savings plan
Disability coverage
Life and accident insurance
Employee assistance program
Legal plan
Discounts on home, auto, and pet insurance
Paid time off
Paid holidays
Paid parental leave
Paid military leave
Paid bereavement leave
Paid federal and state sick leave
Company recognition program
Company
BAE Systems, Inc.
Meaningful. Empowering. Remarkable. That’s a career at BAE Systems.
H1B Sponsorship
BAE Systems, Inc. has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2022 (2)
Funding
Current Stage
Late StageLeadership Team
Recent News
2024-05-12
2024-05-12
2024-05-08
Company data provided by crunchbase