IT Security Specialist - ISSO - Information Systems Security Off

Job Description
How does it feel to work on a team driven to make a big impact? Empowering. At BAE Systems, our teams are the root of our success in delivering life-saving products to our nation's military. We are hiring an IT Security Specialist to serve as the Information Systems Security Officer-ISSO. The ISSO will be responsible for ensuring the security and integrity of our organization's information systems and data. The ideal candidate will have a strong technical background and a passion for information security.

In this job, you will be responsible for:

• System Security Oversight: Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security plan.
• Program Implementation: Verify the implementation of delegated aspects of the system security program.
• Account Management: Ensure proper account management documentation is completed prior to adding and deleting system accounts.
• Documentation Management: Verify all system security documentation is current and accessible to properly authorized individuals.
• Risk Assessment and Mitigation: Conduct periodic assessments of authorized systems, identify vulnerabilities, and provide corrective actions to the Information System Security Manager - ISSM.
• Audit and Compliance: Ensure audit records are collected and analyzed in accordance with the security plan.
• Incident Response: Report all security-related incidents to the ISSM.
• System Recovery: Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
• Change Management: Formally notify the ISSM of any changes to a system that could affect authorization.
• Configuration Control: Serve as a member of the Configuration Control Board (CCB), if designated by the ISSM.

Expanded responsibilities to choose from:

• Security Policy and Compliance
• Conduct regular reviews and updates of security policies to ensure they remain relevant and effective.
• Collaborate with stakeholders to ensure that security policies are aligned with organizational goals and objectives.
• Provide guidance and training to employees on security policies and procedures.

Risk Management

• Identify, assess, and mitigate potential security risks to the organization's information systems and data.
• Conduct risk assessments and threat modeling to identify potential vulnerabilities and threats.
• Develop and implement risk mitigation plans to address identified risks.
• Monitor and review risk mitigation plans to ensure they are effective.

System Security

• Ensure the security and integrity of information systems, including networks, servers, workstations, and applications.
• Conduct regular security assessments and vulnerability scans to identify potential vulnerabilities.
• Implement security controls, such as firewalls, intrusion detection systems, and access controls.
• Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.

Incident Response

• Develop and implement incident response plans to respond to security incidents, including data breaches and system compromises.
• Identify and classify security incidents and activate incident response plans as needed.
• Collaborate with incident response teams to contain and mitigate incidents.
• Conduct post-incident reviews to identify lessons learned and areas for improvement.

Vulnerability Management

• Execute the continuous monitoring strategy.
• Identify and remediate vulnerabilities in information systems and applications.
• Conduct regular vulnerability scans and penetration testing to identify potential vulnerabilities.
• Develop and implement vulnerability remediation plans to address identified vulnerabilities.
• Collaborate with IT teams to ensure that vulnerabilities are remediated in a timely and effective manner.

Security Awareness and Training

• Develop and implement security awareness and training programs for employees and contractors.
• Provide regular security training and awareness programs to educate employees on security best practices.
• Collaborate with HR and training teams to ensure that security training is integrated into employee onboarding and ongoing training programs.

Audit and Compliance

• Ensure user activity monitoring data is analyzed, stored, and protected in accordance with policies and procedures.
• Coordinate with internal and external auditors to ensure compliance with security policies, procedures, and regulatory requirements.
• Conduct regular security audits and assessments to identify potential security risks and vulnerabilities.
• Develop and implement audit and compliance plans to address identified risks and vulnerabilities.

Technical Security

• Provide technical security expertise, including threat analysis, vulnerability assessment, and penetration testing.
• Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
• Conduct regular security testing and vulnerability assessments to identify potential security risks and vulnerabilities.

Communication and Collaboration

• Communicate security risks and vulnerabilities to stakeholders, including senior management and employees.
• Collaborate with IT teams, stakeholders, and external partners to ensure that security is integrated into organizational initiatives.
• Develop and maintain relationships with external security partners and vendors.

Continuous Improvement

• Complete required training identified in the ISSM Required Training Table within 6 months of appointment.
• Continuously monitor and review security policies, procedures, and controls to ensure they remain effective.
• Identify areas for improvement and develop plans to address them.
• Collaborate with stakeholders to ensure that security is integrated into organizational initiatives and that security risks are managed effectively.

Required Education, Experience, & Skills

• Bachelor's Degree and 6 years work experience or equivalent experience
• Experience in Information Security
• Experience in vulnerability/risk analysis
• Experience in security policy, risk management, and system security
• Experience in reports such as System Security Plans (SSPs), Risk Assessments Reports, Certification and Accreditation (C&A) packages, and/or System Requirements Traceability Matrix (SR TM)
• Experience in security information and event management (SIEM) systems
• Strong understanding of operating systems (Windows, Linux, etc.)
• Familiarity with network protocols and architectures
• Ability to work in a fast-paced environment and prioritize multiple tasks
• Excellent communication and interpersonal skills
• Strong analytical and problem-solving skills
• Ability to obtain and retain a security clearance
• U.S. Citizen

Preferred Education, Experience, & Skills

• Degree in Computer Science, Information Assurance, or a related field
• Certifications: CompTIA Security+ or CISSP or CISM
• Experience with Department of War classified systems such as SIPRNet.
• Experience with NIST Cybersecurity Framework and other security frameworks
• Proficient in Python, PowerShell, or other scripting languages #LI-Onsite #LI-JR1

Pay Information
Full-Time Salary Range: $115779 - $196825

Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.

Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.

About BAE Systems Platforms & Services
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.

The Platforms & Services (P&S) sector under BAE Systems, Inc does the big stuff: the armored combat vehicles, naval guns, missile launchers, and ship repair...just to name a few. Our employees take pride in the work they do and why they do it. They are on the front lines every day, building our products to protect the lives of those who serve. We may be biased, but we think P&S does some of the coolest work around, and we think you will too.