Job Description

Cyber Security Engineer will validate, to a base level of assurance, the Sector information system/environment RTG’s and PoAM’s in accordance with Systems Cybersecurity Control Standard compliance requirements, and document any questions or deficiencies.

Duties:

• Validation of Plan of Action and Milestones (POAMs) and Return to Green (RTG) plans
• Prepare for validation using the environment’s System Security Plan (SSP). System Assessment Report (SAR), and POAMs and RTGs
• Plan and execute validation using established BAE Systems remediation validation plan
• Perform adequate assessment and validation of remediation
• Remediation validation assessment report
• Remediation validation assessment final report

Will acquire Sector information system/environment SSPs, SARs, RTG's, and POAM's. RTGs and POAMs will be tracked in an OCISO tool and Sector remediation milestones will be documented by the Sectors; will evaluate the status, develop a project plan for each Sector for developing the validation plans for the RTG/POAM. Document  plans, gaps, recommendations and validation steps required and any broader consideration each control and the potential impacts of each on other systems. Will independently assess the adequacy and compliance of security controls applied and conduct testing and evaluation of security controls to determine the extent to which the controls are designed appropriately, implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the assigned information system and environment.

• Independently review security artifacts provided by Sectors and other organizations, and assess both the technical and functional adequacy of the cyber security/information assurance controls.
• Perform the Independent Verification and Validation (IV&V) to include providing feedback to submitters on non-compliant security controls.
• Review the System Security Plan (SSP), prior to initiating the security control validation to develop an understanding of the information system/environment and the documented set of security controls to meet the stated security requirements.
•  Maintain and execute processes for reviewing and routing of reports.
• Develop, update and manage listing of recommended enterprise security controls/enhancement.