Sr Principal Systems Security Engineer
BAE Systems, Inc. · Nashua, NH · 2 wk ago
HybridInformation Technology$133k–$226k/yrFull-time
About the role
The Senior Principal Systems Security Engineer will lead the integration of security engineering practices across the full systems development lifecycle (SDLC) for mission-critical DoW programs. This role is grounded in the principles of NIST SP 800-160 (Systems Security Engineering) and emphasizes proactive security-by-design rather than reactive compliance.
Responsibilities
- Lead systems security engineering activities across all phases of the SDLC, including concept definition, requirements analysis, architecture and design, implementation, integration, verification and validation, deployment, and sustainment
- Define, decompose, and allocate security requirements to system elements (hardware, software, firmware, and interfaces) ensuring traceability from threat models through verification evidence
- Develop and maintain security architectures, including protection strategies, trust boundaries, security-relevant data flows, and attack surface analyses for complex DoD systems
- Conduct and lead threat modeling, Systems-Theoretic Process Analysis for Security (STPA-Sec), and adversarial analysis to inform design trades and risk acceptance decisions
- Drive the integration of security into Development Security Operations (DevSecOps) pipelines, including automated security testing, static/dynamic analysis, container security, and secure CI/CD practices
- Lead Assessment and Authorization (A&A) activities for DoD systems in accordance with the Risk Management Framework (RMF), including security control selection, implementation, assessment, and continuous monitoring
- Author and maintain security engineering artifacts including System Security Plans (SSPs), Security Concepts of Operations (CONOPS), Security Control Traceability Matrices (SCTMs), and risk assessment reports
- Evaluate and apply applicable STIGs, SRGs, and security benchmarks to system components, and develop Plan of Action and Milestones (POA&Ms) for residual risks
- Provide technical leadership and mentorship to cybersecurity engineers, systems engineers, and software developers on secure design principles and security engineering best practices
- Engage with government customers, authorizing officials, and cross-functional program teams to communicate security posture, risk decisions, and compliance status
- Support proposal development, technical volume writing, and independent review of security architectures for new business pursuits
Requirements
Required Education, Experience, & Skills:
- Lead systems security engineering activities across all phases of the SDLC, including concept definition, requirements analysis, architecture and design, implementation, integration, verification and validation, deployment, and sustainment
- Define, decompose, and allocate security requirements to system elements (hardware, software, firmware, and interfaces) ensuring traceability from threat models through verification evidence
- Develop and maintain security architectures, including protection strategies, trust boundaries, security-relevant data flows, and attack surface analyses for complex DoD systems
- Conduct and lead threat modeling, Systems-Theoretic Process Analysis for Security (STPA-Sec), and adversarial analysis to inform design trades and risk acceptance decisions
- Drive the integration of security into Development Security Operations (DevSecOps) pipelines, including automated security testing, static/dynamic analysis, container security, and secure CI/CD practices
- Lead Assessment and Authorization (A&A) activities for DoD systems in accordance with the Risk Management Framework (RMF), including security control selection, implementation, assessment, and continuous monitoring
- Author and maintain security engineering artifacts including System Security Plans (SSPs), Security Concepts of Operations (CONOPS), Security Control Traceability Matrices (SCTMs), and risk assessment reports
- Evaluate and apply applicable STIGs, SRGs, and security benchmarks to system components, and develop Plan of Action and Milestones (POA&Ms) for residual risks
- Provide technical leadership and mentorship to cybersecurity engineers, systems engineers, and software developers on secure design principles and security engineering best practices
- Engage with government customers, authorizing officials, and cross-functional program teams to communicate security posture, risk decisions, and compliance status
- Support proposal development, technical volume writing, and independent review of security architectures for new business pursuits
Preferred Education, Experience, & Skills
- Master’s degree in Systems Engineering, Cybersecurity, or related field
- Active TS/SCI security clearance
- CISSP, ISSEP (Information Systems Security Engineering Professional), or equivalent certification
- Experience with Model-Based Systems Engineering (MBSE) tools (e.g., Cameo, SysML) applied to security architecture
- Familiarity with System-Theoretic Process Analysis for Security (STPA-Sec) tooling and processes
- Experience with zero trust architecture design principles and implementation
- Knowledge of cross-domain solutions, multi-level security architectures, and secure system integration patterns
- Experience supporting security engineering for embedded systems, real-time systems, or weapon system platforms
Pay
Full-Time Salary Range: $132962 - $226035