Senior Information System Security Engineer (ISSE)
$140,690 - $239,140/Yr
BAE Systems - Annapolis Junction, MD
posted 16 days ago
Full-time - Mid Level
Annapolis Junction, MD
Transportation Equipment Manufacturing
About the position
The selected candidate will join a high performing agile team that uses the Scaled Agile Framework (SAFe) methodology to support a nationally significant and fast-paced program. Program execution follows DEVOPS best practices and employs robust development, test and production environments. Test Driven Development (TDD) and test automation tools are utilized alongside a full suite of team collaboration tools. The program is focused on injecting new technology and adding advanced capabilities in support of an on-going operational system.
Responsibilities
- Validating and verifying system security requirements and establishing system security designs for large-scale systems, major system elements, and interfacing systems that are part of a large complex network environment with geographically distributed components.
- Identifying and implementing appropriate information security architectures and functionality to ensure security.
- Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
- Assessing and mitigating system security threats and risks throughout the program life cycle.
- Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for various system and networking operations.
- Effectively collaborating with other internal technical experts on a day-to-day basis.
- Communicating with Program Managers and POCs from customer organizations when necessary, regarding Security issues of significant importance.
- Participating in Program Increment Planning and related agile team activities.
- Working closely with System Engineering, Test Engineering, and Integration teams to ensure that the hardware and software architecture and implementation meets security requirements.
- Analyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements.
- Evaluating security solutions to ensure they meet customer specified requirements for processing information.
- Evaluating the impact of new development on the operational security posture of the system.
- Evaluating, reviewing, and testing critical software.
- Proposing, assessing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
- Auditing and assessing system security configuration settings using common methodologies and tools.
- Managing and enforcing security strategies and policies that affect various components of geographically distributed systems.
- Providing configuration management for security-relevant information system software.
- Serving as a subject matter expert in security architecture to include providing advice to Program Managers, Customer technical experts, and internal program teams.
- Formulating security compliance requirements for new system features.
- Identifying and remediating security issues throughout the system.
- Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.
- Working with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors and remediation approaches.
- Planning and conducting security verification testing of relevant type 1 devices.
Requirements
- Demonstrated knowledge of and experience with several of the following: current security tools; hardware/software security implementation; communication protocols; encryption techniques/tools.
- Experience completing security evaluations of software systems or architectures to ensure they meet security requirements.
- Experience preparing and maintaining SSPs and other security related documentation.
- Experience proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies, preferably on a large software or IT program.
- Demonstrated experience performing day-to-day security operations of large, complicated information and information processing systems.
- Must be committed to developing and adhering to best practices.
- Must be a solutions-oriented team player and must possess a high level of self-initiative.
- Must have excellent interpersonal skills.
Nice-to-haves
- Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience.
- Must have experience applying Risk Management Framework.
- Must have experience formulating and assessing IT security policy.
- Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
- Must have experience with secure configurations of commonly used desktop and server operating systems.
- Must be comfortable working on multiple systems and components simultaneously in various configurations.
- Must have strong verbal and written communications skills.
- Must be committed to adopting and adhering to best practices.
- Must be able to effectively plan and prioritize tasking and communicate clearly regarding technical options and trade-offs.
- Must be capable of performing high quality work both independently and with a team in a fast-moving environment.
Benefits
- Health, dental, and vision insurance
- Health savings accounts
- 401(k) savings plan
- Disability coverage
- Life and accident insurance
- Employee assistance program
- Legal plan
- Discounts on home, auto, and pet insurance
- Paid time off
- Paid holidays
- Paid parental leave
- Paid military leave
- Paid bereavement leave
- Federal and state sick leave
- Company recognition program
