Information Systems Security Officer

3493 Newport News VA, United States


The National Security Sector of Leidos has a current job opportunity for an Information System Security Officer in Newport News, VA, or Lexington, MA. The successful candidate will work collaboratively with an outstanding team of software developers and engineers to continue to produce and field software on behalf of the US Air Force. Position requires US citizenship and current DoD Secret Security Clearance.

The ISSO will provide "cradle-to-grave" Information Assurance support for a dynamic US Air Force Command and Control program, including discovery, SSP preparation & maintenance, continual C&A, and security sustainment. The successful candidate will provide in-depth experience and technical knowledge of security engineering and network security to participate in and/or lead security related projects and provide mentoring and guidance to other security analysts and teammates.

Primary Responsibilities

  • Conduct research and develop, implement, test, and review a software application’s information security in accordance with (IAW) DoD/NIST RMF requirements to protect information and prevent unauthorized access. In this role, the candidate will direct the team on security measures, explain potential threats, implement security measures, and monitor applications to meet or exceed all DoD/NIST RMF requirements, resulting in faster and more accurate software releases.

  • Harden newly introduced software components using tools such as Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), and Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations

  • Maintain and update existing ATO documentation, including the System Security Plan (SSP), Service-Level Agreement (SLA), Incident Response Plan (IRP), Patch Management Plan, Ports, Protocols, and Services (PPS) document, and Security Controls Traceability Matrix (SCTM)

  • Maintain a STIG matrix and STIG checklists completed for each platform product

  • Author and review IS security-related documentation and submit to Enterprise Mission Assurance Support Service (eMASS)

  • Analyze results of continuous security scans (from Fortify, SonarQube, ACAS, OWASP, etc.) to add exclusions for false findings and coordinate issues for remediation by the software development team

  • Run application vulnerability scans that meet mitigation requirements; continually maintain related tracking documentation in government-accessible websites (e.g., Naval LIFT, eMASS)

  • Work closely with the chief engineer to establish a system security engineering (SSE) process to plan, organize, and manage program efforts to achieve maximum security and survivability of the system

  • Work closely with government Cyber Security leads and the government Information System Security Manager (ISSM) to support Interim Authorization to Operate (IATO), Authorization to Operate (ATO), No Security Impact (NSI), and Security Impact Analysis (SIA) certifications that will be required for releases of the developed program across unclassified and classified enclaves

  • Support development and maintenance of a system-specific Plan of Action and Milestones (POA&M)

  • Apply the requirements of the NIST SP 800-53 control catalog within the RMF, and understand the differences between NIST 800-53 revision 4 and revision 5.

Basic Qualifications

  • Bachelor’s degree in Information Security, Information Systems, Cybersecurity, Information Technology, or a related discipline; alternatively, 8-12 years of additional experience may be substituted in lieu of a degree.

  • Active and current Secret clearance

  • Ability to create metrics, documentation, presentations, and procedures and communicate results effectively

  • Knowledge of Continuous Monitoring

  • Experience in scanning and interpreting scan results

  • Technical writing skills

  • Position requires either Security+ or Certified Information Systems Security Professional (CISSP) certification. If the candidate does not hold a CISSP, they must obtain CISSP certification within 6 months of the hire date.

Preferred Qualifications

  • Strong technical skills in a variety of the following areas: networking, Cisco, Windows OS platforms, database design/administration.

  • Prior experience working with government ISSMs, SCAs (and SCA representatives), and AOs

  • Vulnerability assessment and analysis experience utilizing SCAP, Nessus, and DISA STIGs

  • Experience managing projects within the Atlassian suite of tools (Confluence, JIRA, Bitbucket)

  • Experience working with a geographically distributed team

Original Posting Date:

2025-01-08

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$104,650.00 - $189,175.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.



Perks/benefits: Equity / stock options

Region: North America
Country: United States
