BAE Systems is seeking an individual to fill the role of a Cyber Systems Software Engineer (ISSO). The role ensures the security and compliance of software systems throughout the software development lifecycle within the DoD environment. The role focuses on Software Assurance, Information Assurance, Information Technology (IT), Systems Engineering, and compliance with DoD cybersecurity requirements, frameworks, and operational risk management. The ISSO will participate in technical design reviews and engineering lifecycle events to ensure security-by-design principles are implemented across all system components.

Responsibilities include:

• Software Assurance
  • Apply secure software development lifecycle (SSDLC) practices
  • Perform threat modeling, static/dynamic code analysis
  • Conduct code reviews using Fortify, SonarQube, Veracode, etc.
  • Manage CVE remediation in government codebases
• Information Assurance & RMF Compliance
  • Develop and maintain RMF packages (SSP, SAP, SAR, POA&M, ConMon)
  • Support ATC/ATO authorization packages
  • Perform continuous monitoring of software systems
  • Ensure compliance with Zero Trust Architecture (ZTA) requirements
• Software Compliance
  • Ensure adherence to DFARS 252.204-7012, NIST 800-171, and CMMC
  • Manage OSS licensing compliance, SBOM documentation (CycloneDX, SPDX)
  • Oversee secure deployment per DoDI 5000.90, DoDI 8500.01
  • Mitigate software supply chain risks
• Design Review & Systems Engineering Integration:
  • Participate in technical design reviews to ensure integration of cybersecurity requirements
  • Collaborate with Systems Engineering and IT teams during architecture planning and development phases
  • Review engineering artifacts for traceability, security controls, and compliance with software assurance principles
  • Evaluate system-level risks introduced during design and integration phases

Pursuant to Government contract, this position requires US Citizenship status

ASFS

• Bachelors degree in Computer Science, Cybersecurity, Information Assurance, or related field
• Minimum 7 years in cybersecurity roles, 4 years in ISSO or Information Assurance
• Secret Clearance
• IAM Level II (Security+)
• Experience with RMF, STIGs, NIST SP 800-series, DIACAP, or FedRAMP
• Direct involvement in systems engineering or IT implementation projects in secure environments
• Hands on experience with incident management and response
• Experience with Network Operations Center

• IAM Level III Certification (DoD 8140/8570 compliant)
• Technical Skillset
  • Secure programming in C, C++, Java, Python, JavaScript
  • Code scanning and analysis tools: Fortify, SonarQube, Veracode
  • Vulnerability management: ACAS, Nessus, SCAP
  • RMF tools: Xacta, eMASS
  • SIEM: Splunk, ELK Stack
  • SBOM Tools: Syft, Anchore
  • Container security knowledge: Docker, Kubernetes
  • Experience with IT automation, CI/CD pipelines, DevSecOps
• Competencies and Soft Skills
  • Agile / DevSecOps Methodologies
  • Experience with IL5/IL6 cloud-native solutions
  • Risk communication to AOs and technical leadership
  • Strong collaboration with IT and Systems Engineering teams
  • Excellent technical documentation and briefing skills