Leidos is a FORTUNE 500 company bringing a mix of innovative technology and sector expertise to customers in the national security, engineering, and the health industries.
The Defense Group/Army and Mission Partners (AMP) Division of Leidos has an opening for a highly experienced Cybersecurity Subject Matter Expert who will support programs and strategic opportunities. The AMP division is responsible for performance of enterprise IT and Cybersecurity programs for Army and its agencies, including development and execution of the new business pipeline.
The Cybersecurity Operations Manager/SME will lead our team in providing enterprise cybersecurity services for a critical Army program and will provide Subject Matter Expertise to other Army programs in the Area of Cybersecurity.
This selected candidate will provide leadership, technical direction and guidance to a cybersecurity engineering and operations team to develop, implement, maintain, and update the cybersecurity control baseline for enterprise IT systems and applications in accordance with DoD, Army policies and procedures. In addition, as a SME, the selected candidate will be supporting the program security architects in the development of security controls, mentoring others in technical security concepts and ensuring secure cloud practices are followed. Position will play a meaningful role in maintaining the controls that enable the customer organizations to operate expertly, cost effectively, and within compliance standards. In this position, the candidate will
Lead and assist AMP programs in interpreting, understanding, and applying information security policies and standards to mitigate information security risks.
Develop positive partnerships and work closely with other members of the customer and Leidos Information Security and Legal Compliance organizations in a coordinated and focused manner. The Cyber Security Operations manager/SME will be part of a fast-paced, high-functioning team performing critical work for important customer organizations.
The Cybersecurity Operations Manager/SME shall manage all cybersecurity operations and related processes based on Government-approved ITSM processes consistent with industry best practices. The cybersecurity operations manager is tasked with overall leadership of TO governance, risk, and compliance; making certain operations set, comply, and monitor IAW regulations, policies, and processes. In this role, the candidate will have lead responsibilities for program operations and will also support AMP programs to ensure application of best practices across the portfolio.
The Cybersecurity Operations Manager/SME shall possess the following capabilities and have experience in:
Participating in client strategic design process to translate security and business requirements into technical designs;
Providing Cybersecurity Enterprise Architecture (CEA) support to implement controls to support compliance for the designated system categorizations.
Leading cyber security engineers who are embedded in agile teams to apply systems cyber security engineering assurance baselined on DISA IA Support Environment (IASE) guidance and security best practices as well as commercial security best practices.
Supporting the Vulnerability and Threat Management (VTM) continuous monitoring strategy, tactics, techniques, and procedures (TTPs), and processes for continuous monitoring and management of known and emerging vulnerabilities and threats.
Managing and executing the NIST RMF and DoD cyber security policies in accordance with the responsible AO’s cybersecurity assessment and authorization (A&A) program implementation.
Integrating cyber security engineering expertise into agile development and test processes via technical and change control review, as described in the applicable project management, systems engineer, software development and configuration management plans, processes, and procedures.
Planning, monitoring, and executing RMF and cyber security-related tasks and activities daily, coordinating with the agile engineering and project milestones to ensure proactive and early insertion of the cyber security requirements.
Coordinating support to enter, monitor, track, and update the status of operational baseline issues via the POA&M record through to resolution.
Monitoring information systems for security incidents and vulnerabilities. This includes developing monitoring and visibility capabilities as well as reporting on incidents, vulnerabilities and trends.
Responding to information system security incidents, including the investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches
Supporting investigation of computer and information security incidents to determine extent of compromise to information and automated information systems.
Assisting and leading teams in computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, network assessments, researching and maintaining proficiency in tools, techniques, countermeasures, trends in computer network vulnerabilities, data hiding, and network security and encryption.
Designing, developing, or providing recommendations for integrated system solutions, ensuring proprietary/confidential data and systems are protected.
Configuring and validating secure systems, and test security products/systems to detect computer and information security weakness.
Developing IT security architectural artifacts, providing architectural analysis of the security features and relating the existing system to future customer requirements.
Continuously evaluating the organization's existing application security practices, help to define, standardize, and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the customer organization.
Bachelor’s degree and 12+ years’ experience or a Master’s degree and 10+ years’ experience.
5+ years’ experience with all phases of IA and accreditation processes, securing IT systems and services using Government and industry IA standards, policies, guidelines, and best practices.
5+ years’ experience managing and leading a security operations staff with skills applicable to a project environment similar in size and scope referenced in this TO.
5+ years’ experience successfully managing information security risks to include completing the entire A&A process including receiving ATO for the cloud.
Must have relevant and progressively responsible experience leading teams and managing NIST RMF and DoD cyber security policies in accordance with program cybersecurity assessment and authorization (A&A) implementation
Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as NIST SP 800-53, and FedRamp
Possesses a DoD 8570 IAM level III Certified Information Systems Security Professional certification (CISSP) OR approved equivalent current DoD 8570 IAM Level II certification.
Must have an active DoD TS/SCI security clearance.
ITIL® v3 Practitioner or ITIL® V4 equivalent or ability to obtain the certification prior to proposal submission
Possess excellent interpersonal and communication skills
Ability to work well with people from many different disciplines with varying degrees of technical experience
Excellent verbal and written communication skills.
Ability to multi-task and work in a dynamic, fast-pace environment.
Demonstrated ability to participate in cross-functional planning, coordination, and task execution
Five years of experience with encryption devices and procedures as they relate to networks and data.
Five years of experience with Federal governance, risk, and compliance management.
Pay Range:Pay Range $139,750.00 - $215,000.00 - $290,250.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Covid Guidance for the US
In order to enter Leidos facilities in the U.S. and to attend Leidos events outside our facilities, employees are required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry. In addition, we are receiving guidance from certain customers that onsite contractor personnel will need to be fully vaccinated to access customer facilities. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC.
Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 44,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $13.7 billion for the fiscal year ended December 31, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.