Lead Cybersecurity Auditor/Assessor

At Leidos, we help our customers execute programs for the world’s most critical missions. We respond to challenges and deliver next generation of agile, cohesive solutions for today’s rapidly changing environment. Leidos is seeking a highly skilled Lead Cybersecurity Auditor/Assessor to join the Defensive Cyber Operations team within our Digital Modernization Sector. This position will be responsible for leading and executing comprehensive security audits and assessments of IT systems, networks, applications, and processes, ensuring compliance with industry standards, regulations, and best practices. You will be responsible for planning and executing complex audits, evaluating security controls, identifying vulnerabilities, and providing actionable recommendations to improve the organization’s security posture. As the technical lead, you will work closely with IT teams, Compliance officers, and senior management to communicate findings, develop recommendation strategies, and ensure alignment with organizational goals.

This role requires a strong bled of technical expertise and leadership skills, as you will guide and mentor junior auditors, manage assessment teams, and refine audit methodology for consistent evaluations. The ideal candidate will have a proactive approach to identifying and mitigating risks, staying updated on emerging threats and security advancements. Your work will be instrumental in driving continuous improvement across the organization’s cybersecurity risk management processes, enhancing bot resilience and compliance.

Primary Responsibilities
•Leading the planning, execution, and management of cybersecurity audits and assessments, ensuring thorough evaluation of IT systems, networks, applications, and processes.
•Evaluating security controls against frameworks such as NIST CSF, NIST SP 800-53, ISO27001, and other relevant standards and regulations, ensuring compliance and risk management.
•Analyzing vulnerabilities, identifying risk, and provide actionable recommendations for risk mitigation and improving security posture.
•Conduct red team and penetration testing to identify vulnerabilities across IT systems, networks, and applications, simulating adversarial techniques to evaluate defense. 
•Collaborate with necessary parties to identify gaps, verify remediation efforts, and enhance security controls and processes.
•Develop and maintain audit/assessment documentation, including work instructions, reports, and findings, ensuring accuracy and completeness.
•Provide technical guidance, training, and mentorship to junior cybersecurity auditors/assessors, fostering skill development and knowledge transfer.
•Coordinate with stakeholders to ensure a clear communication of audit results, risk assessments, improvement plans, and technical roadmaps.
•Stay updated on evolving cybersecurity threats, regulatory requirements, and best practices to ensure assessments are current and effective
•Contribute to the development and enhancement of audit/assessment methodologies, tools, and processes.

Basic Qualifications
•Master's degree and 15+ years experience in Computer Science (CS), Information Management (IM), Information Technology, or Engineering relevant technical experience. Additional experience may be substituted for a degree.
•Excellent written and verbal communication and interpersonal skills with all levels of stakeholders
•Proven experience leading cybersecurity audit/assessment projects, including the planning, execution, and management of complex assessments of IT infrastructure, networks, cloud environments and applications.
•Strong working knowledge of cybersecurity frameworks and standards such as NIST CSF, NIST SP 800 Series, CIS Controls, federal regulations and mandates, with hands-n experience in applying these standards to assess security control implementation and compliance.
•Experience in conducting risk assessments, penetration testing, and vulnerability assessments, as well as analyzing and documenting findings for technical and non-technical audiences.
•Demonstrated experience using security assessment tools (e.g., Nessus, Qualys, Burp Suite,) and compliance tools (e.g., Splunk, RSA Archer, Rapid 7) to identify security gaps and evaluate risk management controls.
•Experience  collaborating with cross-functional teams, including IT, compliance, cybersecurity, and management, to prioritize risks, develop remediation plans, and support security improvement initiatives.
•Demonstrated understanding of adversary tactics, techniques, and procedures (TTPs), including the ability to simulate advanced persistent threats (ATPs) and conduct multi-stage attack chains.
•Proficiency with industry-standard tools such as Kali Linux, Metasploit, Burp Suite, Nmap, Cobalt Strike, or similar for executing penetration test and red team exercise.
•Strong background in creating detailed audit reports, workpapers, and documentation that comply with audit standards and provide actionable recommendation on risk mitigation.
•Experience in mentoring and training junior team members, fostering professional development and enhancing team effectiveness. 
•Demonstrated ability to work in a customer environment collaboratively through constraints to meet mission milestones.
•Breadth of experience and/or expertise in Wide Area Networks, Zero Trust, Cyber Security Incident Handling and Countermeasures, NOC Operations, System Architecture, Cloud Architecture, Service Delivery, and ‘as a Service’ models.
•Must have proven track record of critical thinking and developing creative problem and hard problem solutions with a focus on outcome-based delivery of meaningful innovations. 
•Experience with large programs and performing technology assessments and creating capability roadmaps.
•Self-motivated and focused on delivering outcomes with the ability to work independently and in teams.

Preferred Qualifications
•Experience in government, federal or regulated industry environments, with an understanding of specific compliance requirements (e.g., FISMA, FedRAMP, CMMC).
•Familiarity with cloud security audits and assessments, specifically in cloud platforms like AWS, Azure, or Google Cloud, including evaluating controls and configurations. 
•Prior experience working is Security Operations Centers (SOCs) or with incident response teams, contributing to cybersecurity investigations and responses. 
•Experience with Network Operation Center, Defensive Cyber Operations, and Data Center operational processes. 
•Experience in presenting audit results to executive leadership, boards, or government stakeholders with the ability to effectively convey complex technical concepts in a clear and concise manner.
•CISSP, CISM or equivalent industry recognized certification.

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.