Job Description
The National Security Sector of Leidos has a current job opportunity for an Information System Security Officer in Newport News, VA, or Lexington, MA. The successful candidate will work collaboratively with an outstanding team of software developers and engineers to continue to produce and field software on behalf of the US Air Force. Position requires US citizenship and current DoD Secret Security Clearance.
The ISSO will provide "cradle-to-grave" Information Assurance support for a dynamic US Air Force Command and Control program, including discovery, SSP preparation & maintenance, continual C&A, and security sustainment. The successful candidate will provide in-depth experience and technical knowledge of security engineering and network security to participate in and/or lead security related projects and provide mentoring and guidance to other security analysts and teammates.
Primary Responsibilities
- Conducting research, developing, implementing, testing, and reviewing a software application's information security IAW DoD/NIST RMF requirements to protect information and prevent unauthorized access. In this role, the candidate will direct the team about security measures, explain potential threats, implement security measures, and monitor applications to meet or exceed all DoD/NIST RMF requirements, resulting in faster and more accurate software releases.
- Hardening newly introduced software components using tools such as Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), and Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations
- Maintain and update existing ATO documentation, including System Security Plan (SSP), Service-Level Agreement (SLA), Incident Response Plan (IRP), Patch Management Plan, Ports, Protocols, and Services (PPS) document, Security Controls Traceability Matrix (SCTM)
- Maintain a STIG matrix and STIG checklists completed for each platform product
- Author and review IS security-related documentation and submit to Enterprise Mission Assurance Support Service (eMASS)
- Analyzing results of continuous security scans (from Fortify, SonarQube, ACAS, OWASP, etc.) to add exclusions for false findings and coordinate issues for remediation by the software development team
- Running application vulnerability scans that meet mitigation requirements; continually maintain related tracking documentation in government accessible websites (e.g., Naval LIFT, eMASS)
- Working closely with chief engineer to establish a system security engineering (SSE) process to plan, organize, and manage program efforts to achieve maximum security and survivability of the system
- Working closely with government Cyber Security leads and government Information System Security Manager (ISSM) to support Interim Authorization to Operate (IATO), Authorization to Operate (ATO), No Security Impact (NSI), and Security Impact Analysis (SIA) certifications that will be required for releases of the developed program across unclassified and classified enclaves
- Supporting development and maintenance of a system-specific Plan of Action and Milestone (POA&M)
- Apply requirements of the NIST 800-53 RMF Framework and understand the differences between NIST 800-53 revision 4 and revision 5.
Basic Qualifications
- Bachelor's degree in Information Security, Information Systems, Cybersecurity, Information Technology or related discipline, or 8-12 years of additional experience may be substituted in lieu of degree.
- Active and current Secret clearance
- Ability to create metrics, documentation, presentations, and procedures and communicate results effectively
- Knowledge of Continuous Monitoring
- Experience in scanning and interpreting scan results
- Technical writing skills
- Position requires either Security+ or Certified Information Systems Security Professionals (CISSP) certification. If no CISSP, candidate must obtain CISSP certification within 6 months of hire date.
Preferred Qualifications
- Strong technical skills in a variety of the following areas: networking, CISCO, Windows OS platforms, database design/admin.
- Prior experience working with government ISSMs, SCAs (and SCA representatives), and AOs
- Vulnerability assessment and analysis experience utilizing SCAP, NESSUS and DISA STIGs
- Experience managing projects within the Atlassian suite of tools (Confluence, JIRA, Bitbucket)
- Experience working with a geographically distributed team
Original Posting Date: 2025-01-08
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: $104,650.00 - $189,175.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
About Leidos
Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit .
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .
Securing Your Data
Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected] .
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.