Full Job Description
Job Description BAE Systems has an immediate need for a qualified Senior Cyber Analyst to support our US Navy AEGIS TECHREP customer. AEGIS TECHREP provides on-site direction, oversight, and support that validates the total AEGIS weapon and combat system design.
Responsible for monitoring, analyzing, and responding to cyber threats, ensuring the integrity, confidentiality, and availability of DoD compliant systems. Work closely with a multi-disciplinary team providing technical expertise and support, enhance cybersecurity capabilities, and lead initiatives to mitigate potential risks. The qualified individual will be tasked with maintaining accreditation of AEIGS TECHREP packages for interconnected and independent systems to achieve and maintain accreditation of both Classified and Unclassified environments. Duties may include obtaining, creating, and handling of classified documentation, conducting interviews with system owners, system administrators, and development engineers, identification, and remediation of risk in compliance of the Risk Management Framework, Lead ISSE accreditation process through Continuous Monitoring / Annual Reviews. Additional scope includes, but not limited to:
* Assist in categorizing the Information System taking into consideration its required Confidentiality, Integrity, and Availability levels.
* Assist in determining if any additional security controls are necessary for any software or hardware not covered by a STIG following vendor security guidelines or industry best practices.
* Assist in developing the System Authorization Boundary and Infoflow/Path diagrams and Ensure compliance with the DISN CPG and RMF Process Guide and that all registered PPS are identified.
* Assist in documenting in the POAM any mitigations or pre-disposing conditions in place that should be considered to help reduce the severity of a finding if it cannot be remediated completely.
* Assemble and perform first level review of Local Interim Authorization To Connect (LIATC), Interim Authorization To Connect (IATC), and Authorization To Connect (ATC) packages for submission to Navy Qualified Validators (NQV).
* Collaborate with system engineers and administrators to implement security controls and patches.
* Communicate complex technical information to non-technical stakeholders.
* Conduct forensic investigations and root cause analyses of security incidents.
* Conduct risk assessments and develop risk management plans.
* Determine the residual risk of each vulnerability after proposed mitigations while considering the severity of the vulnerability, the likelihood of exploitation, and the potential impact if exploited.
* Develop and deliver training programs to enhance the cybersecurity skills of the team.
* Develop and implement incident response plans and procedures.
* Document any testing limitations that will result in a deviation from assessment expectations and document any custom test cases required to complete the security assessment.
* Ensure all controls have documented Test Results.
* Ensure Authorization to Connect (ATC) or MOUs are in place for any interconnected systems.
* Ensure compliance with relevant cybersecurity standards, policies, and regulations.
* Ensure controls inheritable from other DoD packages are applied as necessary.
* Ensure that the Security Controls/Guidelines are implemented by evaluating system scan results and manually reviewing required configurations and documentation.
* Ensure traceability between the HW/SW list, boundary diagram, Security Plan, SAP, vulnerability scans, and all other associated artifacts and correct any discrepancies.
* Experience working with AEGIS systems or in a similar technical DoD environment is highly desirable.
* Identify, evaluate, and mitigate vulnerabilities in AEGIS systems and related infrastructure.
* Knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001).
* Lead cybersecurity projects and initiatives, ensuring timely and effective completion.
* Review and maintain documentation for each system to ensure accuracy of security measures, incidents, and remediation efforts.
* Monitor and analyze network traffic, system logs, and security events to identify and respond to potential cyber threats.
* Prepare and present reports on cybersecurity status, incidents, and trends to senior management.
* Proficiency in cybersecurity tools and technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint protection).
* Provide technical guidance and support to junior analysts and other team members.
* Strong understanding of network protocols, operating systems, and security architectures.
* Use eMASSter to evaluate vulnerability scans (ACAS and STIGs) and that all open vulnerabilities identified are added to the POA&M.
* Work closely with cross-functional teams, including IT, engineering, and operations, to address cybersecurity issues.Required Education, Experience, & Skills Minimum education and years of relevant/related experience: A minimum of a Bachelor's of Science (BS) or Arts (BA) degree in Information Systems, Computer Engineering, Computer Science or Cyber Security, Master's in Cybersecurity Preferred and no less than three (3) years of relevant experience in engineering and/or securing DoD systems, minimum certification as IAT or IAM Level II and an industry certification in Cybersecurity such as Security+, and/or ISC2 Certification in Cybersecurity; Advanced degree and certifications (e.g., CISSP, CISM, CEH) preferred. Demonstrated experience with computer security, military system specifications, DoD IA policies, demonstrated experience in the DoD Risk Management Framework (RMF), Platform IT (PIT), and the implementation of Cybersecurity and IA boundary defense techniques.
Ability to work in the Microsoft Office suite including working with documents, text formatting and manipulation, data validation and analytics, scripting, pivot tables, and formulas. Selected candidate must possess effective verbal and written communication skills.
The preferred candidate should have excellent analytical and problem-solving skills, strong leadership and mentoring abilities, excellent communication and interpersonal skills, and ability to work independently and as part of a team.
Preferred Education, Experience, & Skills Relevant experience: RMF process, system analysis, system audits, CISCO iOS, MS Window/Server, LINUX, network and system monitoring tools, IA compliance models and tools, IA control validation, risk management, incident response, and information system security officer responsibilities. Within the period of relevant experience, must have a minimum of two (2) years working in Research, Development, Test & Evaluation (RDT&E).
A Master of Science or Arts degree may be substituted for two years of the relevant experience requirement.
Security clearance requirements: Must be able to obtain and maintain a DoD Top-Secret security clearance (US Citizenship required). Selected candidate will receive a contingent offer and start date will be delayed until an interim Top-Secret clearance is granted.
Pay Information
Full-Time Salary Range: $75570 - $128480
Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.
Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.
About BAE Systems Intelligence & Security BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.
Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.
Responsible for monitoring, analyzing, and responding to cyber threats, ensuring the integrity, confidentiality, and availability of DoD compliant systems. Work closely with a multi-disciplinary team providing technical expertise and support, enhance cybersecurity capabilities, and lead initiatives to mitigate potential risks. The qualified individual will be tasked with maintaining accreditation of AEIGS TECHREP packages for interconnected and independent systems to achieve and maintain accreditation of both Classified and Unclassified environments. Duties may include obtaining, creating, and handling of classified documentation, conducting interviews with system owners, system administrators, and development engineers, identification, and remediation of risk in compliance of the Risk Management Framework, Lead ISSE accreditation process through Continuous Monitoring / Annual Reviews. Additional scope includes, but not limited to:
* Assist in categorizing the Information System taking into consideration its required Confidentiality, Integrity, and Availability levels.
* Assist in determining if any additional security controls are necessary for any software or hardware not covered by a STIG following vendor security guidelines or industry best practices.
* Assist in developing the System Authorization Boundary and Infoflow/Path diagrams and Ensure compliance with the DISN CPG and RMF Process Guide and that all registered PPS are identified.
* Assist in documenting in the POAM any mitigations or pre-disposing conditions in place that should be considered to help reduce the severity of a finding if it cannot be remediated completely.
* Assemble and perform first level review of Local Interim Authorization To Connect (LIATC), Interim Authorization To Connect (IATC), and Authorization To Connect (ATC) packages for submission to Navy Qualified Validators (NQV).
* Collaborate with system engineers and administrators to implement security controls and patches.
* Communicate complex technical information to non-technical stakeholders.
* Conduct forensic investigations and root cause analyses of security incidents.
* Conduct risk assessments and develop risk management plans.
* Determine the residual risk of each vulnerability after proposed mitigations while considering the severity of the vulnerability, the likelihood of exploitation, and the potential impact if exploited.
* Develop and deliver training programs to enhance the cybersecurity skills of the team.
* Develop and implement incident response plans and procedures.
* Document any testing limitations that will result in a deviation from assessment expectations and document any custom test cases required to complete the security assessment.
* Ensure all controls have documented Test Results.
* Ensure Authorization to Connect (ATC) or MOUs are in place for any interconnected systems.
* Ensure compliance with relevant cybersecurity standards, policies, and regulations.
* Ensure controls inheritable from other DoD packages are applied as necessary.
* Ensure that the Security Controls/Guidelines are implemented by evaluating system scan results and manually reviewing required configurations and documentation.
* Ensure traceability between the HW/SW list, boundary diagram, Security Plan, SAP, vulnerability scans, and all other associated artifacts and correct any discrepancies.
* Experience working with AEGIS systems or in a similar technical DoD environment is highly desirable.
* Identify, evaluate, and mitigate vulnerabilities in AEGIS systems and related infrastructure.
* Knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001).
* Lead cybersecurity projects and initiatives, ensuring timely and effective completion.
* Review and maintain documentation for each system to ensure accuracy of security measures, incidents, and remediation efforts.
* Monitor and analyze network traffic, system logs, and security events to identify and respond to potential cyber threats.
* Prepare and present reports on cybersecurity status, incidents, and trends to senior management.
* Proficiency in cybersecurity tools and technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint protection).
* Provide technical guidance and support to junior analysts and other team members.
* Strong understanding of network protocols, operating systems, and security architectures.
* Use eMASSter to evaluate vulnerability scans (ACAS and STIGs) and that all open vulnerabilities identified are added to the POA&M.
* Work closely with cross-functional teams, including IT, engineering, and operations, to address cybersecurity issues.Required Education, Experience, & Skills Minimum education and years of relevant/related experience: A minimum of a Bachelor's of Science (BS) or Arts (BA) degree in Information Systems, Computer Engineering, Computer Science or Cyber Security, Master's in Cybersecurity Preferred and no less than three (3) years of relevant experience in engineering and/or securing DoD systems, minimum certification as IAT or IAM Level II and an industry certification in Cybersecurity such as Security+, and/or ISC2 Certification in Cybersecurity; Advanced degree and certifications (e.g., CISSP, CISM, CEH) preferred. Demonstrated experience with computer security, military system specifications, DoD IA policies, demonstrated experience in the DoD Risk Management Framework (RMF), Platform IT (PIT), and the implementation of Cybersecurity and IA boundary defense techniques.
Ability to work in the Microsoft Office suite including working with documents, text formatting and manipulation, data validation and analytics, scripting, pivot tables, and formulas. Selected candidate must possess effective verbal and written communication skills.
The preferred candidate should have excellent analytical and problem-solving skills, strong leadership and mentoring abilities, excellent communication and interpersonal skills, and ability to work independently and as part of a team.
Preferred Education, Experience, & Skills Relevant experience: RMF process, system analysis, system audits, CISCO iOS, MS Window/Server, LINUX, network and system monitoring tools, IA compliance models and tools, IA control validation, risk management, incident response, and information system security officer responsibilities. Within the period of relevant experience, must have a minimum of two (2) years working in Research, Development, Test & Evaluation (RDT&E).
A Master of Science or Arts degree may be substituted for two years of the relevant experience requirement.
Security clearance requirements: Must be able to obtain and maintain a DoD Top-Secret security clearance (US Citizenship required). Selected candidate will receive a contingent offer and start date will be delayed until an interim Top-Secret clearance is granted.
Pay Information
Full-Time Salary Range: $75570 - $128480
Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.
Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.
About BAE Systems Intelligence & Security BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.
Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.
Job Information
Job Category:
Engineering
Spotlight
Employer
Related jobs
ADMINISTRATIVE/FISCAL ASSISTANT
Robeson Township
ROBESON TOWNSHIP ADMINISTRATIVE/FISCAL ASSISTANT The Township of Robeson in southern Berks County is seeking a part-time to full-time Admin/Fiscal Assistant. Bachelors degree or three years experience...
Jan 24, 2025
Birdsboro, PA
ROBESON TOWNSHIP POLICE DEPARTMENT ADMINISTRATIVE ASSISTANT
Robeson Township
ROBESON TOWNSHIP POLICE DEPARTMENT ADMINISTRATIVE ASSISTANT The Township of Robeson in southern Berks County is seeking a full-time Police Administrative Assistant. The Police Administrative Assistant...
Jan 24, 2025
Birdsboro, PA
Senior Energy Efficiency Engineer
Michaels Energy, Inc.
Who is Michaels Energy? Michaels Energy is a veteran-owned energy consulting firm that exists to help businesses minimize waste and maximize value. Our energy and engineering gurus are obsessed with o...
Jan 24, 2025
St. Petersburg, FL
