Senior Principal Cyber Engineer
Rome, NY, USA | BAE Systems
Functions:IT / Information Technology
Job Description:92 people have viewed this job
The GXP and AGS teams develop innovative sensor data processing and analytics software products and services. Our team has grown significantly since 2002, increasing revenue by 10x and greatly increasing the size of the team. We have facilities in San Diego California, Rome New York, and Durham North Carolina.
The Engineering Support team for AGS is responsible for a number of common resources and capabilities that a member of the team is expecting to often support. This requires a candidate to be flexible, a superior problem solver; enjoy learning, creating, and implementing new technology and processes.
The Engineering Support team is specifically responsible for the following areas in AGS
Enterprise Engineering DevOps
Cloud Engineering DevOps and DevSecOps
Modeling and Simulation
A candidate will be supporting our cloud dev operations by helping to roll out security changes via configuration, scripting, or AWS service. Additionally they will take part in penetration testing events.
A candidate can grow with their interests into other areas of the Engineering Support team or development.
A successful candidate must demonstrate:
An education background in software, computer engineering, or IT
An understanding of how to provide security solutions that balance security and efficient development
An understanding of how to move between technologies and scripting languages as well as learn new ones with ease
A desire to work with, communicate, and assist developers and IT professionals
Enjoy urgency and change
An understanding of how to be a hero to your customers (Dev) by working with them to help them be more efficient and by describing (passively training) them on vulnerabilities and real world examples.
Please note that pursuant to a government contract, this specific position requires US citizenship status
Typical Education & Experience
Typically a Bachelor's Degree and 8 years work experience or equivalent experience
Required Skills and Education
8 Years Experience with software development, computer management, network and computer security, application pen testing
Highly motivated and able to work well in both team and solo settings.
Familiar with common classes of software vulnerabilities / security bugs and how they are exploited, including both web-based attacks (injections, traversals, deserializations), and memory corruption attacks (BO, Heap exploitation).
Able to work under consultative direction toward long-range goals and objectives.
Experience developing solutions to problems of unusual complexity that require a high degree of ingenuity, creativity and innovativeness.
Able to face problems that are unique in the organization, and find solutions that may serve as precedent for future decisions.
Familiarity with NIST Special Publication 800-53
Excellent communication and interpersonal skills, and willingness to mentor other developers in secure software practices.
Humility, empathy, patience, a desire to learn, and help teammates learn.
Bachelor's Degree in a computer related field
Preferred Skills and Education
Experience with Cloud Providers such as AWS or Azure
Familiarity with managing both Windows and Linux
Experience with cloud automation via configuration such as cloud formation or Terraform
Experience with scripting or programming languages and automation
Experience with asset and user management of a computer network
BS and 8 years, or MS and 6 years of professional engineering experience in Software or Systems Engineering
CISSP, CSSLP, or OSCP certified (or better: OSCE, OSEE)
Experience with Federal cybersecurity accreditation processes and standards (DIACAP, RMF, CJIS, etc)
Experience creating security accreditation packages
Experience designing and implementing secure cloud environments (AWS)
Experience designing, documenting, and implementing multi-faceted security solutions that include technological, administrative, and procedural controls.
Pen testing experience and experience leading or coordinating a team of pen testers.
Bug hunting / Bug bounty experience; experience discovering and validating security bugs and developing proof-of-concept software exploits against a single application. Multi-system web application bug hunting experience is a plus.
Alrdeady a member? Sign In