Leidos is hiring a Senior Information System Security Engineer for the NEST contract. NEST is a large, multi-year contract supporting NASA and is part of the NASA IT Division. NEST manages the primary infrastructure and core services for end user devices for the NASA Agency. As the ISSE you will support and lead the Assessment and Authorization, Vulnerability Management, Security Engineering, and Access Management teams; provide analytical and technical security recommendations to the team, oversight boards, leadership, and customers; meet with NASA and management to help specify and negotiate application and system security requirements; review current policies and procedures for applicability; and monitor system OS security patch levels and ASCS Baselines.
The ISSE will monitor and manage system compliance within the NASA environments for approximately 60,000 systems. Additionally, you will manage the overall security-related policies, procedures, laws and regulations, and create, document and implement various security plans and compliance documents to enforce Information Assurance principles for NASA NEST systems. You will develop, maintain, and manage Security Authorization and Assessment packages, including annual assessments and self-assessments, to achieve continuous authorizations to operate (ATO) for the current NEST systems and applications. You will conduct both technical and non-technical internal audits and testing to validate that system and operational requirements are being met and that security risks are documented within the Agency A&A tool. You will work alongside various Subject Matter Experts (SMEs) from Operations and Engineering to provide security assessments, compliance reviews, and project implementation reviews for new and current innovations for NEST. You will oversee all the POA&Ms and RBDs identified for NEST and track progress to ensure that deadlines are being met.
- Lead a team of Cybersecurity professionals for Assessment and Authorization and vulnerability management, and help manage projects through the lifecycle.
- Provide the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.
- Performs and/or reviews technical security assessments of computing environments to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and recommends mitigation strategies.
- Validates and verifies system security requirements definitions and analysis and establishes system security designs.
- Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, systems, and applications.
- Builds IA into systems deployed to operational environments.
- Assist with drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Plan of Action and Milestones (POA&M), and Federal Information Security Management Act (FISMA).
- Assists architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.
- Supports the building of security architectures.
- Enforce the design and implementation of trusted relations among internal/external systems and architectures.
- Assesses and mitigates system security threats/risks throughout the program life cycle.
- Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
- Reviews Assessment and Authorization (A&A) documentation, providing feedback on completeness and compliance of its content.
- Auditing and assessing system security policies and configuration settings.
- Communicating and working closely with System Engineering and operations teams to ensure that the hardware and software implementation meets the security requirements for processing Controlled Unclassified Information (CUI).
- Analyzing and assessing system implementation against multiple security compliance policies and evaluating the impact of new development.
- Management of Plan of Action and Milestones (POA&Ms) to completion through the vulnerability management lifecycle, while working with operations on solidifying a plan to mitigate according to NIST guidelines.
- System and application vulnerability assessment with tools such as Nessus, BigFix, SCCM, Splunk, Jamf, Satellite, and the RISCS tools.
- Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; identification; authentication; authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing.
- Supports security authorization activities in compliance with the NASA Continuous Monitoring process and the NIST Risk Management Framework (RMF) process.
- BA/BS degree and 8-12 years of prior relevant experience
- Must have a minimum of five (5) years’ experience working in an IT environment similar in size (or larger) and scope to this task order.
- Experience meeting with clients and management to specify and negotiate application security requirements, reviewing current policies and procedures for applicability, monitoring system OS security patch levels, and ensuring safe transition of applications to production.
- Experienced in providing risk analysis for vulnerabilities, incidents and change requests.
- Experienced in being an active member in technical workgroups to recommend effective security configurations and architecture.
- Ability for oral and written communications with the highest level of management.
- Project management experience.
- Knowledge in Risk Management Framework (RMF), NIST Special Publication 800 series
- Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development.
- Understanding of related information technology (e.g., firewalls, VPN, virtualization, DLP, etc.) and physical security assets.
- Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.
- 7+ years of experience in IA/Cybersecurity.
- Security certificates such as CISSP, CISM, GSLC, or CASP.
- Experience working with IDS/IPS and processes.
- Experience with NASA Policies and Procedures
- Experience with Windows GPOs and Linux/macOS security configuration
- FedRAMP Assessment and Authorization
- Experience with Security System Architecture
Pay Range: $97,500.00 - $150,000.00 - $202,500.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 45,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $14.4 billion for the fiscal year ended December 30, 2022. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.