About the position
BAE Systems, a top-ten prime contractor to the U.S. Department of Defense, enables the U.S. government to transform data into intelligence and provides engineering, integration and sustainment support for critical military platforms and systems. Intelligence & Security provides services and products to the Department of Defense, the government, federal law enforcement officials, and troops deployed around the world. At BAE Systems, we promote a strong, collaborative culture and provide our employees with the tools, skills and training they need to succeed. We are all about trust, camaraderie, and a shared ambition to lead the world in defense technologies and national security services. We offer flexible work environment to support the balance in your life and keep you performing at your best. Be a part of a company that is part of the community; driven to improve our future and protect our freedom. We are looking for experienced Software Engineer to join our technology-based program supporting a key Government customer.
Responsibilities
- Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts
- Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to write the Systems Security Plans (SSP)/CONOPS in the Greenlight application
- Gather the information by working with various team members in order to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP's), etc.
- Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA)
- Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.e. evidence gathering from the teams)
- Coordinate with various contractor and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer's A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO)
- Keep track of where each of the various A&A projects are within the customer's A&A process in order to know when it's time to re-submit for accreditation or an accreditation extension
Requirements
- A minimum of six (6) years relevant experience with Bachelor's or Master's degrees; without a degree, eight (8) years of relevant experience is necessary
- Possess multi-tasking skills, as well as be a good communicator/facilitator. Comfortable at all levels from developer to senior staff
- Knowledge of the complex network environments involving shared networks and multiple security enclaves
- Possess the ability to bridge the technical implementation (i.e. developer talk) into commonly understood security words
- Experience in Cloud security control implementation, PKI implementation, STIG compliance and vulnerability management, and Security Development and Operations (SecDevOps)
- Various security tools and reports such as Greenlight, RoadRunner, Rapid 7, WebInspect, App Detective, and Splunk
- Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.)
Nice-to-haves
- Previous ISSE experience directly supporting the customer
- Previous ISSO experience directly supporting the customer is also helpful
- Virtualization experience (VDI & VMWare)
- CISSP, or GSLC
Benefits
- Health, dental, and vision insurance
- Health savings accounts
- 401(k) savings plan
- Disability coverage
- Life and accident insurance
- Employee assistance program
- Legal plan
- Discounts on home, auto, and pet insurance
- Paid time off
- Paid holidays
- Paid parental leave
- Paid military leave
- Paid bereavement leave
- Federal and state sick leave
- Company recognition program
