Information System Security Officer - Industrial Control Systems

Description

Leidos is a Fortune 500™ company aimed at embracing and solving some of the world’s most pressing challenges. Through science and technology, Leidos makes the world safer, healthier, and more efficient.

Our Civil Group offers an array of exciting career opportunities for the best IT, energy, logistics, and engineering professionals. Driven by our talented workforce, the Federal Energy, Environment, and Commerce Operation builds trust through an array of energy-related IT, environmental science, and engineering solutions to meet our customers’ needs.

Key Capabilities:

• Large Infrastructure
• Mission Support
• Digital Modernization
• Command & Control
• Mission Applications
• Environmental Science
• Nuclear Security
• Engineering Services

Required Security Clearance:

• Candidate must be able to obtain and maintain a DOE Q Clearance. This position is contingent upon clearance verification and program/customer concurrence.

Responsibilities:

• Support the Cyber Security and Information Technology programs, reporting to the Information System Security Manager (ISSM) and IT Director.
• Operate as the Subject Matter Expert (SME) within the Information Assurance technical domain.
• Ability to work independently and collaboratively with IT and Cyber professionals.
• Develop, review, and oversee the implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security across the organization's information systems.
• Maintain a deep understanding of relevant government regulations related to information system security and ensure organizational compliance with Department of Energy mandates. This includes keeping up to date with future modifications to these regulations.
• Lead efforts in identifying, analyzing, and mitigating potential security risks in accordance with government regulations.
• Attend, plan, coordinate, and conduct internal and external audits or assessments to ensure continued compliance with established security policies and regulations. Address any identified issues such as opportunities for improvement (OFIs) or non-conformities (NCs) in a timely and comprehensive manner.
• Supervise the activities of Cyber Security Analysts and the Cyber Operations Group Lead. Offer guidance and support to ensure effective security measures are in place and are executed according to site policies and regulations.
• Coordinate the response to any security incidents, working closely with the Cyber Security team to investigate, document, and report incidents, while also making recommendations for future risk mitigation.
• Coordinate with relevant departments to develop and deliver information security training and awareness programs to ensure staff are aware of their responsibilities and can act in a manner that minimizes risk to the organization.
• Regularly report to senior management about the status of the organization's security posture, regulatory compliance status, audit findings, and any other security-related issues and plans.
• Regularly review and recommend improvements to the organization's security policies, processes, and practices based on changes in the threat landscape, technology landscape, or business requirements.
• Evaluate the security controls of third-party vendors and manage the risk associated with third-party relationships. Ensure contractual security requirements are being met by vendors.
   

Accountabilities:

• Communication Skills: The candidate should have demonstrated leadership qualities, strong verbal/written communication skills, communicate clearly at both one-on-one and group levels, communicate with team leaders, managers, and internal employees in the decision-making process to obtain needed information, make the most appropriate decisions, and ensure buy-in and understanding of resulting decisions.
• Task Management Skills: The candidate is expected to proactively determine project or assignment requirements by breaking them down into tasks and identifying types of equipment, and materials needed. The candidate consistently and proactively identifies more critical and less critical activities and assignments and effectively adjusts priorities when appropriate.
• Team Coordination Skills: The candidate is expected to set high expectations for oneself, and has the courage to raise the bar continuously. The candidate holds oneself and others accountable for continuous improvement and communicates expectations directly, openly, and effectively. The candidate conveys a sense of purpose and mission that motivates others, maintains direction, and balances big-picture concerns with day-to-day issues. The candidate guides others in creating relevant options for addressing problems/opportunities and achieving desired outcomes.
• Base of Knowledge Skills: The candidate must have complete knowledge of verification, validation, certification, and qualification processes and procedures, including knowledge of current governing regulations and compliance requirements; advanced level of understanding and proficiency in the use of networking computing hardware and software applications; extensive knowledge of processes and tools needed to maintain, archive, and retrieve digital files; as it relates to cybersecurity, ability to read and understand contracts, Statements of Work.

Minimum Certifications, Education, and Experience:

• Bachelor’s degree from an IT or Cyber related subject matter area from an accredited college or university, and 4+ years of experience in an IT-related position with at least 2 years being in an operational cyber security-specific role (e.g., information system security officer, cyber security analyst) or;
• Associate’s degree from an IT or Cyber related subject matter area from an accredited college or university and 6+ years of experience in an IT-related position with at least four years being in an operational cyber security-specific role (e.g., information system security officer, cyber security analyst) or;
• High School diploma/equivalent with at least 8 years of IT/Cyber experience.
• Possess a Cyber centric certification such as a Security+, CISM, or CISSP.

Preferred Experience and Qualifications:

• Experience or knowledge of U.S. Department of Energy (DOE) directives, or similar U.S. State or Federal departmental agency policies, and procedures pertaining to sensitive information, computing, cybersecurity, information technology, etc.
• Experience with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 or Revision 5
• Demonstrated success in achieving project completion in a timely manner. This includes having effective project management skills and correctly assessing the time required to carry out given tasks.
• Experience using Cyber Security relevant tools, systems, and applications to include but not limited to Governance Risk and Compliance (GRC) applications, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
• Possess a Cyber Security application or vendor-specific certification associated with any number of the types of relevant tools previously listed.
• Possess an intermediate to expert level Cyber centric industry certification such as a CYSA+, CASP+, OSCP, GCIH, CISA, CISM, or CISSP.
• Operating System experience to include a fundamental understanding of common security best practices or industry standard baselines such as those developed by the Center for Information Security (CIS) or the Defense Information Systems Agency (DISA).
• Experience using Cyber Security relevant tools, systems, and applications to include but not limited to: Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
• Demonstrated knowledge of standard IT processes and tools that are used to maintain, archive, sanitize, and retrieve digital files.

*** NOTE:

• Must be a U.S. Citizen and eligible for a DOE Security Clearance
• Job Travel Requirement: Able and willing to travel onsite to the Portsmouth location for onsite ICS (Industrial Control Systems) related requirements in Portsmouth.
• Potential for Telework: Yes, preference is roughly 40% remote and 60% on-site, negotiable

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 46,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $14.4 billion for the fiscal year ended December 30, 2022.  For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.