Job Description BAE Systems Cybersecurity - Attack Surface Management has an opening for a Red Team Analyst Sr to improve overall security posture through authorized offensive security projects that identify gaps in IT security controls and processes. Position will manage cross functional engagements that include IT service centers, business sectors, and the security operations center. Scope can include the BAE Systems, Inc core network, business/program enclaves, and commercial and custom applications. Position manages engagements from end-to-end to include scope definition, detailed planning, stakeholder coordination, testing, reporting, and remediation coordination. This is an exciting opportunity to build and manage a program and work with a highly motivated team of cyber security professionals. Required Education, Experience, & Skills Technical requirements: - Expertise in attack tools and techniques - Ability to use and analyze information produced from various commercial and open source tools - Familiarity with large network infrastructure components (Load balancers, Proxies, hybrid cloud implementations, VPNs) - Familiarity with network and host-based security system components (Firewalls, Endpoint Protection Solutions) - Familiarity with modern virtualization platforms and technology. Required Skills - Experience managing red team projects from end-to-end (initial planning through remediation coordination) - Ability to coordinate activities with a wide range of stakeholders - Experience developing plans, creating reports, presentation, processes, etc. - Must be able to work across IT organizations to drive successful outcomes of the program - Ability to produce documentation in support of the program Preferred Education, Experience, & Skills Preferred Skills and Education - Computer Security related degree - 6+ years in a cybersecurity role, 3+ years in red team - Certifications related to red team and penetration testing such as OSCP, OSCE, OSWP, OSWE, GPEN, GWAPT, GXPN, GAWN - Experience with COTS Adversary Emulation tools Primary Duties and Responsibilities - Develop standard Red Team practice within ESS Cybersecurity. Define core processes, tools, and deliverables. - Simulate attacks on the organization's IT systems, networks, applications, and physical security to evaluate its security posture. Identify weaknesses that could be exploited by malicious actors and provide actionable recommendations to improve defenses. - Work under consultative direction from management within Cybersecurity. Develop and implement plans and work with stakeholders independently to plan and execute activities. - Develop detailed project plans that define technical approaches as well as impacts and requirements for stakeholders throughout the organization. - Technical approaches may require a high degree of creativity and flexibility. Problems may be highly complex. Testing may often uncover unknown/unforeseen circumstances that require change in direction or new approaches. Position requires ability to independently make sound decisions to maximize effectiveness of tests. - Must be able to maintain strong working relationships with stakeholders throughout the organization, including IT Operations, Applications, Network, GSOC, business sectors, etc. Stakeholders may be sensitive that simulated attacks may impact business operations. Position requires careful and responsible decisions regarding test approaches, and frequent and effective communications with stakeholders. - Consult with stakeholders on findings and required actions to improve defenses. Develop and maintain detailed tracking that identifies scope, tests completed, and findings. Work with stakeholder to ensure findings are remediated. - Serve as the Team Lead for the Red Team function within ESS Cybersecurity. Provide leadership and support to other Red Team Analysts on the team. Coordinate activities, ensure high quality delivery. - Promote a culture of ownership, transparency, and results driven- performance. Pay Information Full-Time Salary Range: $132962 - $226035 Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics. About BAE Systems, Inc. BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference. This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.

Role Description Reporting to the Director of IT & Security, you will be responsible for supporting the business with detection and remediation of vulnerabilities and incidents. A key project will be the deployment of a SIEM/SOAR to help alert, detect, and remediate threats to the business. You will work closely with the wider IT team to build out our Vulnerability Management platform and support our drive towards SOC2 Type II certification. - Help deploy and manage the Security Information and Event Management (SIEM) application, monitoring security and compliance alerts and remediating any detected incidents. - Monitor key business systems for vulnerabilities and champion the remediation of vulnerabilities that are outside of IT’s purview. - Create processes and procedures to improve the company’s security posture. - Support the company’s drive for SOC2 Type II compliance. - Handle security incidents with the support of the IT team. Qualifications - 3-5 years of experience in Security and Compliance. - Experience in a SaaS first company with a remote workforce is a plus. - Experience with SIEM application deployment and management. - Experience with Google Workspace. - Experience with EDR tools (Jamf Protect, SentinelOne preferred but not required). - Familiarity with Google Cloud Platform. - Familiarity with Vanta or other SaaS security compliance and management tools. - Familiarity with automation, for instance with an automation platform like Zapier, or scripting tools like Python. Requirements - This role has an annual salary range of $85,000 to $105,000 CAD. - Where an offer falls within this range is determined through the interview process. - Compensation progression is tied to demonstrated performance, expanded scope, and sustained contribution over time, not tenure alone. Benefits - Comprehensive benefits and total rewards package designed to support our team as they grow with us. DEI Commitment Viral Nation is committed to diversity, equity and inclusion in our agency. Viral Nation welcomes applications from people with visible and non-visible disabilities. Accommodations are available on request for candidates taking part in all aspects of the recruiting and selection process.

• Collaborate with stakeholders to design and operate security controls that comprise the LaunchDarkly GRC program • Use technology to automate compliance activities like gathering evidence and verifying controls • Operationalize the health and maturity of the program by tracking metrics based on quantitative and qualitative data • Drive progress towards results for GRC-related continuous improvement projects • Contribute to documentation for security standards, policies, and processes • Support audits and assessments with internal and external stakeholders • Work with product and infrastructure delivery teams on engineering projects related to GRC requirements

• Perform a comprehensive cybersecurity risk assessment and deliver a prioritized remediation plan. • Design and implement the organization's overall security strategy and roadmap. • Establish security monitoring, incident response, and threat detection processes. • Lead and mature Microsoft 365 and Azure security posture (Defender, Entra ID, Sentinel, Purview). • Own SOC 1 and SOC 2 compliance readiness and audit preparation. • Define and enforce IAM policies, MFA standards, and Zero Trust principles. • Develop and maintain security policies, standards, and documentation. • Evaluate and manage third-party vendors and SaaS platform security risks. • Oversee vulnerability management: assessments, tracking, prioritization, and remediation coordination. • Lead incident response, including coordination with MSPs, infrastructure teams, and leadership. • Establish security awareness programs and build a security-conscious culture. • Manage and mentor the Cybersecurity Analyst, providing technical direction and growth opportunities. • Report cybersecurity risks and program status to senior leadership. • Evaluate and recommend security tools and technologies.