The IT Security Engineer I possess basic technical knowledge of Cybersecurity principals. In coordination with the Government, supports integration of new and existing information systems to ensure that appropriate controls exist, that processing is efficient and accurate, and that systems are in compliance with standards, guidelines, and regulations.
Duties may include the following:
Comply with NASA Cybersecurity requirements as defined in NPDs, NPRs, NIDs, Cybersecurity and Privacy Division Handbooks, and NASA Standards as identified in the Applicable Documents List, and Security Requirements for Unclassified Information Technology Resources. Local Center policies are applicable for any Cybersecurity requirements that are not explicitly cited in the applicable documents list, Cybersecurity Requirements for Unclassified Information Technology Resources, unless superseded by law or statute; or by additions or updates to NASA policy documentation. Support NASA CIO's goal of strengthening and improving Cybersecurity.
Apply Cybersecurity & Privacy Program (CSPP) requirements to all data residing on NASA IT resources. IT resources means any hardware or software or interconnected system or subsystem of equipment, that is used to process, manage, access, or store electronic information and includes operational technology.
Maintain current on industry knowledge, skills, and abilities in Cybersecurity technologies and services. Evaluate new approaches and emerging technologies for possible recommendations to the NASA Cybersecurity and Privacy Program.
Follow NASA Incident Response Management procedures and policies and ensure coordination of its Incident Response team with the NASA SOC. The Contractor shall promptly report to the NASA SOC any suspected computer or network incidents occurring on any systems the Contactor provides or for which they have operational responsibility. The Contractor shall provide all necessary assistance and access to the affected systems so that a thorough investigation can be conducted, problems remedied, and lessons learned documented. Handle security logs and audit information according to evidence preservation procedures.
Provide the NASA SOC real-time, electronic access to all asset information and CM information for all devices provided under this contract and in support of this contact.
Report the theft or loss of any device that may contain NASA information, in accordance with NASA incident reporting policy and procedures.
Implement technology-related requirements and standards established by the NASA CIO, CSPP and the SOC.
Provide technical support for NASA vulnerability scans. Inform Cybersecurity stakeholders of new and/or ongoing activities, topics, or trends related to vulnerability management.
Collaborate and coordinate with NASA the implementation of practices that assess and quantify risk.
Provide a mechanism to imbed Cybersecurity capabilities within organizations through customer funding for dedicated Cybersecurity compliance support.
In coordination with Agency configuration management, draft requirements and configuration guidelines for securely configured computer systems in multiple environments, including UNIX, Windows, Mac OS, and mobile device platforms.
Monitor and analyze system logs and network monitoring tool logs. Report all violations to the NASA SOC promptly and notify the local Cybersecurity Official.
Provide system logs as required and within the timeframe requested, to the CIO and/or the Cybersecurity Official (CISO).
Work with NASA in developing all Cybersecurity documentation.
Monitor Network Trends.
Monitor system and network device behaviors to establish and maintain a baseline of normal patterns and trends for all NASA networks.
Report network activities that diverge from NASA's normal network patterns or trends.
Conduct analysis of the vulnerability scan data and patch management data produced from Government-provided tools. Analysis shall include current status charts/graphs, trending information, risk ranking of identified vulnerabilities, and complete, effective and resource efficient mitigation strategies.
In coordination with NASA align with Agency tool sets and process such as CDM for Vulnerability Management. Address vulnerability reports from external Federal entities such as DHS, OIG, or OMB.
Develop, maintain, and test the Contingency and related Disaster Recovery Plans, in accordance with NASA policy, to ensure the orderly recovery from a disaster that may render all or part of information facilities, systems, and equipment inoperable. This plan shall be in accordance with NASA Continuity of Operations (COOP) Planning Procedural Requirements.
Coordinate with Agency and Center information systems and disaster recovery experts across NASA to verify integration of procedures and planning techniques.
Execute effective measures to protect all systems equipment and data from potential environmental threats.
Assist the Center CISO in the notifications and disablement process for individuals who fail to complete annual cybersecurity training by the deadline.
Assist NASA organizations in understanding and interpreting NASA policy and procedures relative to privacy.
Assist NASA in implementing privacy information protection in accordance with NASA policies and federal mandates.
Support the NASA Privacy Program Managers in all privacy related aspects.
Assist NASA in responding to federal privacy inquiries and reporting requests.
Assist NASA stakeholders to meet and validate the privacy requirements as defined in NASA policies.
Assist the Breach Response Team (BRT), as needed.
Support the NASA Privacy Program Managers with SBU transition to CUI based on NASA's requirements, procedures and processes.
Assist with developing and providing communications and outreach material.
Assist with developing required annual reports based on the Federal mandates and guidelines.
Ensure appropriate banner markings are labeled on CUI documents.
Store and maintain the documentation in the approved NASA Repository.
A minimum of one of the following certifications; CompTIA Security+ or CASP certification or able to certify within 2 years after contract start
Solid understanding of key communications tools, such as Microsoft Project, Microsoft Word, Microsoft Excel, and Microsoft PowerPoint.
EDUCATION & EXPERIENCE: BS degree and less than 2 years of prior relevant experience or equivalent years of experience.
Pay Range:Pay Range $50,700.00 - $78,000.00 - $105,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Covid Guidance for the US
In order to enter Leidos facilities in the U.S. and to attend Leidos events outside our facilities, employees are required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry. In addition, we are receiving guidance from certain customers that onsite contractor personnel will need to be fully vaccinated to access customer facilities. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC.
Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 44,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $13.7 billion for the fiscal year ended December 31, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.