IT Sys Sec Eng Sr Prin

BAE Systems

Fort Belvoir, VA

Job Description
BAE Systems is seeking a Cloud Security Engineer to join our team located at the National Capital Region (NCR) supporting the Army‘s Enterprise Cloud Management Agency (ECMA) to provide Cloud Common Shared Services). The successful candidate will serve as a CYBER Security Engineer for cARMY Cloud Common Shared Services, part of the Army’s enterprise cloud environment that includes shared services in Amazon Web Services and Microsoft Azure clouds at IL 2, 4, 5 and 6. Cloud Network Security Engineer needs to have extensive working knowledge of a wide variety of systems and networks to include high volume/high availability systems.  The Cloud Network Security Engineer will be a multifaceted role working with networks and systems in geographically dispersed areas.   This person will be part of the Cloud Cyber Security team and responsible for helping with projects related to enterprise cloud Security Operations in Microsoft Azure and AWS with a heavy focus on management, monitoring and administration of security systems and tools in a cloud environment. Job duties include but are not limited to: 
  • IT service management ticket research/response (investigate cyber related tickets, work with AESS and other OPS team to remediate).
  • Monitoring and performing remediation steps from NETCOM (and various DoD organizations) around security bulletins such as Information Assurance Vulnerability Alerts (IAVAs) and Cyber Tasking Orders (CTOs).
  • Produce reports/SOPs (Track vulnerabilities, produce security metrics reports, operating procedures, continuity documents and support Tactics, Techniques, Procedures updates).
  • IT consulting (review emerging cyber tools for applications and participate in new/ongoing ECMA projects such as SIEM implementation)
  • Perform Ad-hoc Security Incident response steps in accordance with DoD and Army SOPs.
  • RMF/ATO support (Support RMF/ATO efforts, review documentation, facilitate STIG checklists, run kickoff meetings, and review eMASS records).
  • Working with and administration of Security tools such as ACAS, HBSS, And Burb Suite.

Required Skills and Education
  • BS/BA degree plus bachelor's degree and 10 years’ working experience, or equivalent experience; candidates with Armed Forces cyber courses or associate degrees, extensive certification, and additional experience are highly encouraged to apply. 
  • Familiar with SIEM tools (e.g. SolarWinds, Splunk, Elastic Security, Fortinet FortiSIEM, or Datadog Security Monitoring)
  • Experience with and McAfee administration and compliance scanning.
  • Experience with web application compliance scanning (BURP preferred)
  • Experience with Windows OS security setting/STIG reviews.
  • RMF/ATO support (Support RMF/ATO efforts, review documentation, facilitate STIG checklists, run kickoff meetings, and review eMASS records).
  • Working knowledge of several of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products, and current Cloud Technologies.
  • High proficiency in written and oral communication for conveyance of cloud solution work products. Proficiency in Microsoft Office suite.
  • 8570.01M/ IAT Level II: MUST have one or more of the following Level II IAT Certifications or higher and be active: 
    • CCNA Security
    • CSA+
    • GICSP
    • GSEC
    • Security+ CE
    • SSCP

About BAE Systems Intelligence & Security
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it’s what we do at BAE Systems. Working here means using your passion and ingenuity where it counts – defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team—making a big impact on a global scale. At BAE Systems, you’ll find a rewarding career that truly makes a difference. Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do—from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. At BAE Systems, we celebrate the array of skills, experiences, and perspectives our employees bring to the table. For us, differences are a source of strength. We’re laser-focused on high performance, and we work hard every day to nurture an inclusive culture where all employees can innovate and thrive. Here, you will not only build your career, but you will also enjoy work-life balance, uncover new experiences, and collaborate with passionate colleagues.
Preferred Skills and Education
  • Local to the Metro Washington Area
  • AWS Certified Advanced Networking – Specialty
  • Microsoft Certified: Azure Network Engineer Associate
  • Experience with cloud native tools such as cloud trail, cloud watch, sentinel, security hub
  • Cisco CCNA/CCNP/CISSP certification, or other advanced networking certification
  • Experience with lambda functions/scripting
  • Experience with Windows OS security setting/STIG reviews
  • Blue Coat Proxy experience
  • Experience with zero-trust networks
  • Experience with Cross-Domain-Solutions for transferring data between Non-classified Internet Protocol (IP) Router Network (NIPRNet) and Secret Internet Protocol (IP) Router Network (SIPRNet).
  • Previous US Army or Federal Government IT experience
  • Active DoD Secret or Top Secret clearance
  • Experience with FedRamp environments
  • ITIL Foundation

Typical Education and Experience
Typically a Bachelor's Degree and 8 years work experience or equivalent experience