Assessment & Authorization Engineer

The BAE Systems team is looking for a Cyber Security/Information Assurance A&A Engineer. This A&A Engineer will serve as an Information Systems Security Officer (ISSO) and will be responsible for security processes and implementation supporting a large customer on a new multi-year contract. Responsibilities include the performance, review, and conduct of technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies to the team.

The ideal candidate should have at least 1-2 years of experience in Information Assurance positions and experience with implementing and authorizing large scale systems. This position is targeted for both dedicated support roles and short term reactive support and proactive engagements where occasional, 2-7 day trips to other customer facilities may be required 2-3 times per year.

This position is a challenging role in a multi-contractor team supporting a fast moving program for multiple customers and/or projects. This requires expertise in Information Assurance and Assessment & Authorization for a large scale, distributed environment. As part of the BAE Systems team, you be required to work directly with our Customers as well as provide occasional consulting on related projects including occasional proposal support. This role requires a self-starting engineer that can work either individually or as part of a team.

Minimum Education and Experience Bachelor’s Degree and 5 years work experience or equivalent experience Required Skills and Education

  • Expert knowledge and experience in A&A with ICD-503
  • Knowledge of NIST 800-53, DIACAP, and DODIIS security requirements
  • Experience with system hardening including STIGs
  • Proficiency in validating and verifying system security requirements definitions and analysis and establishes system security designs for controls
  • Ability to design, develop, implement and/or integrate IA and security systems and system components including those for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements
  • Experience with building IA into systems and services deploying into operational environments at multiple classification levels
  • Ability in assisting architects and services developers in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.
  • Experience with assessing and mitigating system security threats/risks throughout the program life cycle.
  • Knowledge of security planning, assessment, risk analysis, risk management, and awareness activities for system and networking operations.
  • Experience with creating and reviewing A&A Body of Evidence documentation, providing feedback on completeness and compliance of its content. Develops and executes Security Test Plan (STP) in close cooperation with team members.


ITIL V3 Foundations is desired

DoD 8570 certification (Security+)

Preferred Skills and Education

  • Strong knowledge and experience with NIST SP 800-53 and associated security controls implementation and verification
  • Proficiency in scanning systems and assisting the team in remediating vulnerabilities
  • Proficiency in the development and maintenance of System Security Plans, Security Compliance Traceability Matrix, Security Test Plans, and Plan of Action & Milestones
  • Strong Windows administration and hardening experience
  • Strong network and host security background in Windows
  • Hyper-V, SCCM, WSUS, and patching experience
  • Outstanding communication skills including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels
  • Ability to communicate effectively with senior management in government and contractor teams
  • Experience ensuring systems comply with key government security requirements and demonstrate that through verification testing with government security stakeholders
  • Experience working on and supporting classified networks
  • Familiarity with cloud and virtual hosting environments


  • Experience implementing a ICD-503 based A&A processes using XACTA
  • Security architecture design experience
  • Experience with ACAS, and other scanning tools
  • Master’s degree in IA/Cyber Security/Computer Science
  • Active Directory (architecture, design, disaster recovery and troubleshooting), IIS and ISA.
  • Debugging skills in the Windows Platform
  • Background with Windows 7 and Windows 10 client
  • Experience with network captures and network troubleshooting

Advanced IT certifications— technical certifications such as CISSP, RHCE, CCIE, SANS, etc. is a plus

Advanced IT certifications— technical certifications such as CISSP, RHCE, CCIE, SANS, etc. is a plus

About BAE Systems Intelligence & Security BAE Systems Intelligence & Security, based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do—from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. That’s BAE Systems. That’s Inspired Work.

Equal Opportunity Employer/Females/Minorities/Veterans/Disabled/Sexual Orientation/Gender Identity/Gender Expression. To see Inspired Work in action, visit and follow us on Facebook: EEO Career Site Equal Opportunity Employer. Minorities . females . veterans . individuals with disabilities . sexual orientation . gender identity . gender expression

Back to top