|Location||San Diego, CA|
|Date Posted||January 12, 2019|
See what you’re missing. Our employees work on the world’s most advanced electronics – from detecting threats for F-35 pilots to illuminating the night for soldiers. Spanning air, land, sea, and space, we are developing the technology of tomorrow, delivered today. Drawing strength from our differences, we’re innovating for the future. And you can, too. Our flexible work environment provides you a chance to change the world without giving up your personal life. We put our customers first – exemplified by our mission: “We Protect Those Who Protect Us®.” Sound like a team you want to be a part of? Come build your career with BAE Systems.
In Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) solutions, you’ll help develop systems that sense, control, exploit and disseminate actionable information to warfighters supporting a variety of missions.
BAE Systems is looking for a Cybersecurity/Information Assurance Engineer. The qualified candidate will be working on the security engineering team supporting engineering activities in a rapid development environment to support the specification, development, and application of computer security technologies, cybersecurity and information assurance management techniques to DoD and Intelligence Community systems.
Keywords: Cyber, security, vulnerability, STIG, RMF, Risk Management Framework, A&A, Assessment and Authorization
Tasks may include:
- Leading cyber system engineering activities; leading Assessment and Authorization activities for DoD and Intelligence Systems in accordance with Risk Management Framework(RMF) and ICD-503 guidelines
- Supporting offensive architecture analysis and design of defense-in-depth solutions
- Developing and accessing system security plans including security concept of operations, risk management matrix, security control traceability matrix, security test plan and procedures, and plan of action and milestones; analyzing vulnerability assessments to validate system compliance with RMF controls and DISA Security Technical Information Guidelines (STIGs)
- Analyzing static code scans and dynamic code scans to validate application security and development STIG compliance
- Verifying and validating vulnerability resolutions and/or milestones
- Leading security test events to achieve accreditation milestones and support proposal and cost estimate activities.
This position may require business travel to customer locations in support of product demonstrations, software installation, and system testing.
Typical Education & Experience
Typically a Bachelor's Degree and 8 years work experience or equivalent experience
Required Skills and Education
- ISC2 CISSP certification or equivalent certification
- Demonstrated expertise in national Cybersecurity policies, DoD or Intelligence Community Assessment and Authorization (A&A) processes and procedures
- Experience in vulnerability assessment, control allocation, and risk mitigation
- Proficient in vulnerability assessment, control allocation and risk mitigation
- Understanding of offensive security tactics, techniques and procedures
- Extensive experience with traditional A&A tools: ACAS Nessus, HBSS, Xacta, eMASS, SCAP Scanner, HP Fortify, WebInspect, STIG Viewer
- Demonstrated leadership skills (supervisory experience, building teams, building customer relationships)
- Ability to negotiate effectively with higher level managers, functional managers, customers, industry partners, and teammates
- Team player with a proactive attitude and the ability to be productive in a dynamic/collaborative environment
- Strong oral and written communications skills
- Motivated self-starter with good problem solving skills, judgment, and analytical capability
- US Citizenship and ability to be granted a security clearance by the Federal Government
- Leadership and mentoring skills
- Planning and organization skills
Preferred Skills and Education
- Bachelor’s degree in engineering/technical discipline, and typically 12+ year(s) related experience
- Experience with static and dynamic code analyzers
- Understanding of offensive security principles
- Knowledge of Agile management tools (e.g., SAFe Agile, Kanban, etc.)
- Other cyber certifications (ISSAP-CISSP, ISSEP-CISSP, CCSP, CEH, OSCP, etc)
- Experience with offensive architecting, threat modeling and attack vector analysis
- Experience with cloud and cross domain solution accreditations
- Experience with Cyber FMECA
- Experience writing proposals with innovative cost effective solutions
- Working knowledge of EVMS systems and Project management tools such as CPI and IMS
About BAE Systems Electronic Systems
BAE Systems Electronic Systems is the global innovator behind game-changing defense and commercial electronics. Exploiting every electron, we push the limits of what is possible, giving our customers the edge and our employees opportunities to change the world. Our products and capabilities can be found everywhere – from the depths of the ocean to the far reaches of space. At our core are more than 14,000 highly talented Electronic Systems employees with the brightest minds in the industry, we make an impact – for our customers and the communities we serve.