Information Assurance Security Engineer/Information System Security Engineer (IASE/ISSE)

Description

The Defense Group has a dynamic job opening for an Information Assurance Security Engineer/Information System Security Engineer (IASE/ISSE) to work at our customer site in Suitland, MD. All work will be performed onsite at the National Maritime Intelligence Center. In this role, you will be recognized as the subject matter expert and will have a thorough understanding of advanced technical principles, theories, and concepts in Security Engineering to include operations, engineering, technical and program management support services and associated supplies to support the cyber related requirements and operations. You will be relied upon to influence development of solutions that impact mission goals and objectives and will be expected to work independently and resolve highly complex problems using significant application of technical knowledge, conceptualizing, reasoning and interpretation of facts and requirements. 

This is a great opportunity to be part of the Cybersecurity Engineering team responsible for providing in-depth Information Systems Security Engineering (ISSE) Support to the ONI Enterprise and the mission of Assessment and Authorization for the Navy Intelligence Delegated Authorizing Official. The Security Engineering Division identifies and matures information system security requirements and ensures those requirements are effectively integrated into information technology components and information systems through purposeful security architecting, design, development, and configuration.  Cybersecurity Engineering Division is also the engineering and system administration lead for new cybersecurity tools entering the enterprise.

Great News! Program is now offering additional Paid Time Off or a Sign-on Bonus!

What Will You Do

• Capture and refine information security requirements and ensure their integration into information technology components and information systems through purposeful security design and configuration.

• Perform vulnerability assessments, ethical hacking, and penetration testing to determine weaknesses and exploit methods in systems/networks utilizing COTS tools like Kali Linux, GOTS tools, and approved open-source scanning tools as  well as security testing methodologies and frameworks to determine threats against information and system/networks and recommend appropriate countermeasures for continued mission assurance.

• Perform cybersecurity analysis and threat vector identification of complex IT requirements and IT systems to include:

• Critical infrastructure systems and Industrial Control Systems that employ SCADA technologies.

• Cloud Platforms (e.g., Amazon Web Services/Azure), cloud applications based on Linux, Apache, MySQL, PHP/Perl/Python (LAMP) framework, SCCA

• Windows, RHEL, Oracle, and Apple family of servers, apps, & workstations

• Mobile technologies such as tablets, smart phones, laptops, Bluetooth devices, etc.

• Cross Domain Solution (CDS) Systems interconnecting multiple classification enclaves

• RDBMS such as Oracle and PostgreSQL, NoSQL databases (e.g., MongoDB), XML and JSON based semi-structured technologies

• Web-Server and web application technologies (e.g., MS IIS, Apache/Tomcat)

• Container and virtualization technologies such as Docker, VMware, RedHat Virtualization (i.e., KVM), and RedHat OpenShift Container Platform

• (IdAM) solutions, Multi-Factor Authentication (MFA) and Public Key Enablement systems•Provide remediation recommendations and mitigating strategies for vulnerabilities discovered and maintain in-depth knowledge of DISA Security Technical Implementation Guidance, technologies such as Tenable Nessus, STIG Viewer, Security Requirements Guides, Security Content Checker, STIG benchmarks, open-source tools such as Vulnerator, and other automated tools that assist with the assessment of security controls and the presentation of security assessment results.

• Support the development, documentation and delivery of training and training materials on all cyber tools, software, processes and policies.

What Set's You Apart (job qualifications)

• Bachelor’s degree in a related field and 12 or more years of related work experience; additional experience may be considered in lieu of a degree

• Must possess an IAT or IAM Level III DoD Approved 8570 Baseline Certification in accordance with DOD 8570.01-M

• A DoD Top Secret/SCI security clearance required to start

• 5+ years of software development experience in Java, C, C++, or other programming or scripting languages.

Experience in:

• DIACAP/DoD RMF, DCID 6/3, ICD-503, and/or RMF

• System/software design, enterprise architecture security, integration, testing, system administration, application administration, training, deployment, and O&M.

• Designing, developing and using host based and network-based scanning tools..

• Security Content Automated Protocol (SCAP) based tools and specifications.

• Installation, configuration, testing, deployment, and O&M of Enterprise-wide network-based scanning tools (e.g., HBSS, ACAS, etc.) in support of compliance testing and continuous monitoring.

• Implementing security engineering practices in the System/Software Development Life Cycle (SDLC) Process; General knowledge of the DoD, IC, and national level system security initiatives and secure Information/LAN/WAN technologies.

• System/software design, enterprise architecture security, integration, testing, system administration, application administration, training, deployment, and O&M.

Proficiency in:

• IC, DoD, DISA, NAVINTEL IA, Fleet Cyber Command (FLTCYBERCOM), and DoDIIS processes, tools, systems, reporting mechanisms and requirements for Assessment and Authorization

• Hardening modern operating systems (OS) Unix (e.g., Oracle Solaris 10/11, RHEL) and MS Windows using Security Technical Implementation Guides (STIG)

• Securing systems/software IAW IC, DoD, and industry best practices; development of security controls, testing methodologies, and test procedures for systems, cloud-based architectures, and Cross Domain Solutions (CDS)

Travel - Up to 10% may be required within the National Capital Region

Preferred Qualifications (nice to have)

• Project Management experience.

• CISSP-ISSEP or CASP certification

NITESONI

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Featuredjob

About Leidos

Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 46,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $14.4 billion for the fiscal year ended December 30, 2022.  For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.