Information Assurance Engineer

Description

The Defense Group at Leidos seeks a Information Assurance Engineer for the Deployed Digital Training Campus (DDTC) contract with the United States Army at Fort Eustis, Virginia.

This role is primarily on-site support at Government Enterprise Management Center (EMC), Fort Eustis, Virginia; occasional teleworking is an option.

The Leidos Defense Group provides a diverse portfolio of systems, solutions, and services covering land, sea, air, space, and cyberspace for customers worldwide. Solutions for Defense include enterprise and mission IT, large-scale intelligence systems, command and control, geospatial and data analytics, cybersecurity, logistics, training, and intelligence analysis and operations support. Our team is solving the world’s toughest security challenges for customers with “can’t fail” missions. To explore and learn more, click here!

DDTC is a portable, Warrior Information Training System, which can be setup at any deployed Soldier location around the world. The training campus is a completely self-contained system with 20 laptops, Internet and satellite accessibility. The system can also provide video tele-training and it is designed for Soldiers to conduct structured self-development courses, advanced leader course phase one common core, correspondence courses, and any other program in the Army e-Learning catalog and the Army Learning Management System (ALMS).

Primary Responsibilities

• Maintain compliance of the DDTC program utilizing Risk Management Framework (RMF) in accordance with National Institute of Standards and Technology Special Publication 800-37 (NIST SP 800-37)
• Access the Information Assurance Support Environment (IASE) Security Technical Implementation Guide) STIG repository to download, benchmarks, STIGs and tools
• Scan systems using the various scan tools and import results to the STIG Viewer to create checklists, analyze vulnerabilities, determine findings and prepare remediation and mitigation strategies for RMF Continuous Monitoring requirements
• Review weekly USCYBERCOM Information Assurance Vulnerability Alerts and Bulletins (IAVAs and IAVBs) for applicable vulnerabilities
• Submit weekly Information Assurance Vulnerability Management (IAVM) reports and prepare IAVM and non-IAVM patch packages for manual patch application by system administrators
• Configure scans using the Assured Compliance Assessment Solution (ACAS) Security Center and utilize the Nessus Scanner to routinely scan, analyze results and report IAVM and non-IAVM vulnerabilities to system administrators to ensure systems are patched prior to remediation due dates
• Maintain quarterly RMF STIG Plan of Action and Mitigation (POA&M) and weekly IAVA POA&M
• Prepare and update RMF documentation as part of Continuous Monitoring
• Develop metrics for measuring and improving the effectiveness of the DDTC security plan
• Manages secure systems and security containers in a classified environment
• Perform, as required, Systems Analyst and System Administration tasks
• Communicates directly with military, other contractors, and U.S. Government personnel; therefore, requires excellent oral and written communication skills, including technical writing
• Act as Project Lead on various sized projects
• Implement process improvement for ingesting, storing, and tracking large amounts of task related data and quickly respond when changes arise
• Delineate tasks from Program Leadership to small group of System Analysts / Administrators
• Creates, develops, and reviews instructional documentation
• Travel may be required to CONUS and OCONUS locations (minimal)

Basic Qualifications

• Must have an active Secret Clearance
• B.S. in Cyber Security, Computer Science, Information Technology, or related field and 4+ years of prior relevant experience or Masters with 2 - 6 years of prior relevant experience or 12 additional years of experience in lieu of degree
• Current DoD-8570 IAT Level 2 baseline certification (CISSP, CISSP-Associate, CSSLP, or CASP+ CE)
• Experience with Risk Management Framework (RMF) 2.0 Continuous Monitoring
• Experience with eMASS
• Demonstrated hands-on experience with vulnerability scanning solutions
• Demonstrated hands-on experience with the DOD Information Assurance Vulnerability Management program
• Demonstrated understanding of system administration, defense-in-depth and common security elements
• Experience with any of the following: Trellix, HBSS, IDS / IPS, and similar products
• Knowledge of Department of Defense (DoD) 8500 series instructions (specifically 8510.01), Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS) guidelines and (NIST) 800 series to ensure compliance of deployed and local infrastructure assets

Preferred Qualifications

• Experience with Security Tools
• Understanding of Sharepoint
• Understanding of VMware technology

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 47,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $14.4 billion for the fiscal year ended December 30, 2022.   For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.