Information Assurance Engineer
The Defense group at Leidos has a career opening for an Information Assurance Engineer on a DISA contract. This role is primarily on the customer site at Ft. Meade, MD. The information Assurance Engineer will provide "cradle-to-grave" support for assigned systems at the Defense Information Systems Agency (DISA).
- Perform ISSO responsibilities, including acting as a point of contact and subject matter expert for all cybersecurity related aspects to the assigned information systems, ensuring systems are maintained per security policies and procedures and maintaining compliance and ongoing reporting to management.
- Conduct regular briefings with the customer on cybersecurity status, including preparing briefing materials.
- Work closely with government Information Assurance team to support Authorization to Operate (ATO) accreditation conditions and requirements. Coordinate and support site visits / audits, including System Readiness Reviews (SRR) and Site Assistance Visits (SAV).
- Author, review, coordinate and submit required artifacts to eMASS (including change requests) to achieve milestones such as Interim Authority to Test (IATT) and ATO in accordance with the project schedule.
- Submit and gain approval of Ports, Protocols and Services Management (PPSM) updates, including CLSA and exception form submissions.
- Develop and update assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems.
- Procedures (TTP), Plan of Action and Milestones (POA&M) and Federal Information Security Management
- Perform information system Assessment and Authorization planning, testing, assessing and liaison activities, including security scans, scan results analysis and audit trail log reviews. Document scan results and findings according to NIST Risk Management Framework (RMF) processes. Conduct regular privileged user management reviews. Evaluate software and hardware during pre-acquisition phases to determine its ability to meet minimum security requirements based on NIST SP 800-53 security controls.
- Assist with the implementation of security procedures, and verify information system security requirements, including coordinating the execution, review, and disposition of STIG checklists for systems, applications, developed code and other components.
- Conduct ongoing security reviews and tests of systems to verify security features and controls are functional and effective. Take corrective action to resolve identified vulnerabilities.
- Requires BS degree and 8+ years of prior relevant experience.
- Active DoD Secret Security Clearance and ability to obtain a DoD Top Secret clearance.
- Hold and active security certification that meets DOD 8570 IAT level II or higher, such as Security+
- The qualified candidate shall have excellent customer service skills and the ability to work independently, prioritize, schedule, and complete multiple tasks.
- Ability to multi-task and self-assign work in a fast-paced environment.
- Strong communication skills that enable proactive and effective collaboration with a virtual team, including the ability to clearly articulate status and present to both customers and program leadership. Candidate shall have the ability to develop and present management level briefings.
- Demonstrate potential and willingness to learn and adapt to rapid changes in technology.
- Vulnerability assessment and analysis experience utilizing ACAS/NESSUS and DISA STIGs
- Experience with DoD implementation of the Risk Management Framework (RMF) and governing directives (NIST, CNSS, DSS, etc.)
- NIST RMF Assessment and Authorization (A&A) experience.
- Experience with operating IT security tools, such as ACAS, HBSS, DISA STIGs
- Cloud/AWS accreditation experience.
- Prior experience working Cybersecurity in accordance with US Government (USG), Department of Defense (DOD)
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.