Cyber Security Professional II

JOB DESCRIPTION

Job Description

US CITIZENSHIP REQUIRED

LI-KM1

Technical advisor for the Information Systems (IS) security requirements necessary for the protection of all sensitive information processed, stored, and / or transmitted through the use of the IS.

Interprets government requirements, prepare, validate, and maintain documentation in support of the Risk Management Framework (RMF).

Also implements and oversees the program security plans, policies, and procedures necessary to ensure compliance with all company and government requirements.

Monitor the enterprise unclassified computer networks to detect, analyze, and respond to cyber security threats. Gather cyber threat intelligence, analyze information, conduct cyber forensics, conduct cyber threat hunting, and evaluate information to provide recommendations to support key company decision makers to mitigate all cyber threats.

The Enterprise Assurance Strategic Capabilities Unit delivers critical assurance disciplines that protect and enable people, data and missions.

We provide a comprehensive approach to managing risk across the enterprise for current and future information environments where the business and missions execute.

We apply the use of innovative tools and robust processes to ensure mission and business success.

What You’ll Do :

• Schedule, conduct, and administer security tests and evaluations programs to ensure that all the applicable IS are operating in accordance with security requirements.
• Maintain a configuration management system to track and control all components of IS used in support of programs.
• Identify, evaluate, and document all IS and provide guidance on what controls and countermeasures may be appropriate to mitigate vulnerabilities and threats.
• Perform audits of all IS, investigation anomalies, and record and report findings, as required. Coordinate and / or conduct detailed inquiries;

assess potential damage; and develop, document, implement, and monitor corrective action plans. Perform data spill containment and clean up per customer direction.

• Ability to identify and respond to potential cyber threats to company equities utilizing advanced software applications and information provided by government partners and open-source intelligence gathering.
• May coordinate the response and recovery activities from information security incidents. This includes collaboration with appropriate response partners, assist with determining the root cause of cyber incidents and work with stakeholders and responsible parties to remediate any identified control gaps or failures.
• May perform data breach response, cyber risk / security assessments, and remain involved in phases such as penetration testing, vulnerability scanning, and log configuration.
• May participate in engagements related to preemptive data breach response; analytic and reporting for litigation, data breaches, and regulatory response;

workplace and employment issues, including theft of trade secrets; and investigations related to network breaches / unauthorized access of data through computer forensics and incident response.

May perform duties as a cyber security threat hunter; track threat actors; responsible for reviewing system log events and data packets to proactively detect advanced threats that evade traditional security solutions;

participate in developing processes, procedures, and training for new technologies.

Identify and manage Plan of Action & Milestones (POA&Ms) through remediation as well as develop corrective action plans for each POA&M;

monthly progress reporting to management.

• Promote information security awareness.
• Maintain a regular and predictable work schedule.
• Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Capabilities Units and the Company.

Interact appropriately with others in order to maintain a positive and productive work environment.

Perform other duties as necessary.

On-Site Work Environment : This position requires regular in-person engagement by working on-site five days each normally scheduled week in the primary work location.

Travel and local commute between company campuses and other possible non-company locations may be required.

Working Conditions :

Work is performed in an office environment, laboratory, cleanroom, or production floor.

Required Education, Experience, & Skills

• Bachelor’s degree plus 2 or more years related experience.
• Each higher-level degree, , Master’s Degree or , may substitute for two years of experience. Related technical experience may be considered in lieu of education.

Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.

• A current, active TS / SCI security clearance is required.
• Ability to identify and respond to potential cyber threats to company equities utilizing advanced software applications and information provided by government partners and open-source intelligence gathering.

Pay Information

Full-Time Salary Range : $103500 - $140500

Please note : This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to : business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.

Employee Benefits : At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being.

Regular employees scheduled to work 20+ hours per week are offered : health, dental, and vision insurance; health savings accounts;

a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance.

Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave.

Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and / or job specifics.