The Leidos Defense Group is seeking an Information System Security Officer (ISSO) for a position located at Fort Belvoir VA and/or Adelphi, MD. This position is part of a Sensitive Compartmented Information (SCI) Program supporting the Army C5ISR CSSP. This is an exciting opportunity to use your experience to help an important DoD Cyber mission.
The ISSO will ensure implementation of security features for the detection of malevolent code, viruses, and adversaries. Develops risk assessment reports and remediation recommendations to other IT support personnel and Government Leadership. The ISSO will also ensure the unit’s information systems follow USARMY, DoD, CNSS 1253 and Intelligence Community (IC) guidance and requirements. The ISSO will also support the risk management lifecycle throughout all phases, and insider threat/risk programs. The ISSO supports and upholds the Information Assurance program for Information Systems within Network Environments. The ISSO constructs and implements system information security standards and procedures, ensuring functionality and security of the unit’s Information Systems. The ISSO works closely with the Information System Security Manager (ISSM) and fills the duties of the ISSM as required; many of the RMF requirements dictate ISSM/ISSO approval so the ISSO will be a point of security authority for the information system. The ISSO will also work closely with the Information System Security Engineer (ISSE) that collaborates with the RMF team and the system’s engineers/developers.
- Oversees Information Assurance and Risk Management Framework processes and performs duties as ISSO for C5ISR CSSP authorization boundary subscribers
- Ensures other IT support personnel monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks
- Communicates with internal and client project team members. Works to implement solution designs and/or processes in hardware, software, data and procedures.
- Coordinates with personnel on system security compliance and Information System Authority to Operate.
- Ensures Configuration management policies and procedures for authorizing the use of hardware/software on an IS are followed
- Coordinates Information Security Reviews, Security Inspections, and Tests
- Assesses system security threats/risks
- Validates system security requirements definitions and analysis
- Assists with assessment and authorization process as needed
- Tracks and validates security incidents and may be required to investigate, document, report, and provide future protective and corrective measures in response to such incidents
- Ensure proper measures are taken when an incident or vulnerability is discovered
- Leads Leadership Briefings on system security compliance and Information System Authority to Operate (ATO) compliance, expiration and actions
- Implements the Risk Management Framework (RMF) methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission
- Reviews evidence and artifacts provided by the ISSE for determination of the RMF controls’ compliance
- Creates documentation (e.g., plans and policies) to satisfy the compliance of RMF controls
- Populates and maintains RMF database (eMASS) with bodies of evidence to support system authorization actions, and verbiage to answer controls and their control correlation identifiers (CCIs)
- Collaborates with the Program Managers, Government Information Assurance Program Managers, ISSMs, engineers and configuration managers to maintain an effective risk assessment process.
- Ensures data stewardship (confidentiality, integrity, and availability) is established for each IS, and specific requirements are enforced
- Is attentive to any security advisories and alerts from DoD, USCYBERCOM, and other authoritative sources and ensures the system complies with them
- Monitors system authorization boundary’s logs for any unauthorized actions and remains cognizant of alerts/notifications to ISSM/ISSO
- May transition to ISSM role in future, as growth opportunity
- BS & 8-12 years of prior relevant exp in Information Security; or Masters with 6-10 years of prior relevant exp in Information Security; Additional experience may be considered in lieu of a degree.
- 10 + years of experience within the information technology job field.
- Must possess a current DoD Top Secret/SCI clearance single-scope background investigation. TS with current SCI eligibility accepted.
- Knowledge of RMF process, eMASS workflow tools
- Knowledge of DoD policies and procedures relating to information technology
- Experience working with cloud computing and infrastructure (AWS, Azure, etc.)
- Maintains currency of required DoD/USARMY trainings
- Per DoD Approved 8570 Baseline Certifications, obtains and/or maintains required Cyber Security Service Provider (CSSP) Auditor certification AND IAM Level II certification
- Bachelor’s degree in a STEM discipline (Computer Science, Engineering, Mathematics, etc.)
- AWS Security Engineering Course
- ISC2 Certified Information Systems Security Professional Course
- ISC2 Certified Cloud Security Professional Course
- Experience working with Jira and Confluence
- Experience with USARMY systems/tools/implementations
Pay Range:Pay Range $118,300.00 - $182,000.00 - $245,700.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 44,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $13.7 billion for the fiscal year ended December 31, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.