Development Security Operations (DevSecOps) Engineer

About The Position

Requirements

• Minimum of Bachelor’s Degree in Computer Science, Information Systems, Engineering, or a related technical or scientific discipline.
• Current Security + certification.
• Minimum of six (6) years of system administration or engineering experience with expertise in Linux and AWS cloud environments.
• Demonstrated experience in a DevOps / DevSecOps environment
• Demonstrated experience working in a Agile / Scaled Agile construct.
• 5 years of related experience in systems engineering and administration.
• 3 years of experience generating Risk Management Framework (RMF) packages and supporting ICD 503 compliance.
• 3 years of experience with applying DISA Security Technical Implementation Guide (STIGs) and Security Recommendation Guides (SRG).
• In-depth experience with Government procedures and policies, including Operations Security requirements.
• Strong understanding of technical principles, theories, and concepts.
• Ability to work under general direction and provide technical solutions to difficult problems.

Nice To Haves

• Advanced degrees in Computer Science, Information Systems, Engineering, or a related technical or scientific discipline.
• Working towards CISSP certification.
• Additional experience in cloud security, specifically with AWS services.
• Experience with other cloud environments (e.g., Azure, Google Cloud).
• Familiarity with containerization technologies (e.g., Docker, Kubernetes).
• Experience with automation tools (e.g., Ansible, Terraform).
• Advanced knowledge of security frameworks and compliance regulations.
• Experience with threat modeling and risk management.
• Strong communication and collaboration skills.

Responsibilities

• CI/CD Pipeline: Use enterprise, government-managed Continuous Integration / Continuous Deployment (CI/CD) pipeline for build, test, and deployment environments.
• Documentation: Create and maintain high-level system architecture diagrams and system requirements documents.
• Vulnerability Management: Conduct ongoing vulnerability testing to verify security features and operating controls. Implement corrective measures to prevent future security incidents.
• Compliance and Accreditation: Support the maintenance of active security authorizations for all projects/security plans (SPIDs). Ensure compliance with Assessment and Authorization (A&A) milestone requirements.
• Collaboration and Support: Work with program managers, system security engineers, and government security officials. Provide Tier 1 and Tier 2 support during non-business hours as required.
• Cloud-Based Software Operations and Security: Manage and secure cloud-based software applications, focusing on AWS cloud environments. Implement security measures in accordance with ICDs, NISP, NIST, and other guiding government regulations.
• System Security Plans: Prepare, maintain, and implement System Security Plans that accurately depict contractual requirements.
• Security Tools: Use security-relevant databases such as XACTA 360, Service+, Continuity Planning Tool (CPT), and Software Approval Process (SWAP).

Benefits

• At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.