At BAE Systems, we promote a strong, collaborative culture and provide our employees with the tools, skills and training they need to succeed. We are all about trust, camaraderie, and a shared ambition to lead the world in defense technologies and national security services. We offer flexible work environment to support the balance in your life and keep you performing at your best. Be a part of a company that is part of the community; driven to improve our future and protect our freedom.

Our Sterling, VA based team supports a US Government (USG) agency program that engineers, deploys, and maintains a cloud-based Model Based Systems Engineering Ecosystem (DEE). We are seeking an Information Systems Security Officer (ISSO) to monitor and maintain the programs’ security posture. The ISSE will work in coordination with fellow members of the project team and external service providers in accordance with the NIST 800-171 Risk Management Framework (RMF) and USG instructions.

Responsibilities include:

• Lead the charge for achieving Authority to Operate (ATO) and collaborate with the Information Security Officer (ISO) to maintain ATO
• Maintain Security-related records
• Monitor the project’s information system security posture
• Perform Continuous Monitoring (ConMon) using enterprise Information Assurance (IA) tools
• Audit event log data for indications of unauthorized computer activity using analysis software
• Audit vulnerability and compliance scan results to identify threats using scanning software
• Validate administrative and operational Security Controls implementation
• Coordinate with the technical team to remediate vulnerability and compliance related findings
• Create Body of Evidence (BOE) documentation in support of ConMon and system authorization packages
• Attend Security-related meetings with customer and external service providers
• Provide security design guidance and analysis to ensure alignment with customer’s security practices
• Single point of contact on all accreditation and continuous monitoring activities
• Manage Privilege User nomination process
• Contribute to documentation such as System Security Plans (SSP) and Standard Operating Procedures (SOP)
• POA&M development and implementation
• Ensure implementation and validation of security controls that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation

XYZ

• Minimum of Bachelor’s Degree plus 7 years relevant experience
• 5 years Information Assurance / Information System Security experience
• Possess a DoD 8140 Cyber Workforce IAT Level II or IAM Level 1 certification
• Set and self-manage professional development & education goals
• Ability to prioritize competing demands and complete tasks on schedule
• Work as part of a team and independently without direct supervision Understanding of the NIST 800-171 Risk Management Framework
• Experience in administration of mixed Windows and Linux environments
• Experience using vulnerability scanning tools, such as Nessus
• Knowledge of STIG compliance and vulnerability management
• Ability to analyze technical content to determine if it meets the customer’s defined security requirements
• Outstanding written and oral communications skills
  • Listen and ask clarifying questions as needed
  • Speak in group settings
  • Draft clear, concise, and grammatically correct documentation
  • Maintain organized and complete records
• Knowledge of the complex environment involving shared networks and multiple security enclaves
• Knowledge of engineering for Cyber engineering and integration services including security, authentication, identity management, authorization, and access control engineering
• Self-starter able to work independently and build relationships with technical reps across divisions, comfortable with cyber security and able to brief issues to the customer
• Over 5 years of experience working on Intelligence Community enterprise infrastructure and engineering programs
• Knowledge of Cloud security controls and implementation

• AWS Certified Security Specialty
• CISSP
• Experience with implementation or administration of AWS Cloud Security services
• Experience using Security Information and Event Management (SIEM) tools, such as Splunk
• Experience using Risk Management Framework Workflow Management Tool, such as ServiceNow
• Experience with:
  • Security Control Testing
  • Vulnerability Analysis
  • Critical Incident Response