HSS Chief Cyber Security Officer
• GENERAL RESPONSIBILITIES:
• The HSS Chief Cyber Security officer is primarily responsible for the development of winning technical solutions. The HSS Chief Cyber Security Officer leverages corporate technical capability (technology, processes, subject matter expert talent) and Leidos core competencies to develop the solution. Early in the capture effort, they are responsible for designing, planning, and managing the technical approach and ensuring that it meets the program requirements and customer hot buttons; is competitive, realistic and feasible; is consistent with staffing and pricing; and, carries acceptable risk. The Solution Architect ensures that the technical solution considers management decisions and constraints, and reflects the win strategy, customer intelligence, and competitor intelligence. During the Proposal Phase, the Solution Architect validates the incorporation of the solution in the Technical Volume and supporting Basis of Estimates, and provides guidance to the proposal team to ensure proposal products accurately depict the solution. While these responsibilities are very focused on new business capture, the Solutions Architect (SA) may also have the opportunity to follow pursuits into the corresponding awarded contracts or other non-capture project opportunities over time.
• • EXPECTED CHARACTERISTICS OF LEIDOS Chief Cyber Security Officer:
• • An unwavering commitment to the high ethical standards of the Corporation, a respect for others and consistent excellence in the performance of their professional responsibilities
• • Demonstrated initiative to maintain and grow their personal technical competence
• • The desire to continue practicing as a solutions developer
• • Discriminating technical/engineering competency in their domain of practice (vertical market)
• • Demonstrated success as a material contributor to one or more delivered solutions
• • The cognitive ability to 'abstract' and 'connect the dots'
• • The ability to communicate well at all levels of the organization and with our customers
• • The ability to lead a team and motivate people
• • SA CORE COMPETENCIES:
• • Customer Relationship Management
• • Business Development
• • Program Management
• • Financial Management
• • Engineering and Technology
• • Capture Management and proposal writing
• • Organizational Acumen
• • Leadership
• • CYBER-SPECIFIC JOB SUMMARY:
• Seeking a senior cyber security solutions architect who can perform the following:
• • Serve as leading system architect in pursuit of complex system integration projects the success of which depends on application of the most diverse and advanced cyber technology, tools, processes, and skills.
• • Interact effectively with customers, understanding stated and unstated needs, requirements, vulnerabilities and gaps. Working with the pursuit or project team, translate this understanding into the following as appropriate:
o Contributions to the pursuit plan, in the case of new business. Understanding the evaluation criteria and the evaluators' technical positions, desires and hot buttons, and develop the solution accordingly, taking caution to avoid over-engineering a solution.
o Contributions to the project plan, in the case of new projects. Understanding the project requirements and project plan, developing responsive solutions for optimal technical schedule and financial performance, ultimately delivering high customer satisfaction.
o Decomposition of the understanding into an architectural approach, required components, allocations, required skills, and estimates of effort and schedule in support of the win strategy or the project plan.
o Documented trade studies, decisions, assumptions, results, and changes for optimal traceability and compliance with requirements.
o Considering a variety of alternative solutions, including investment recommendations, early in the capture process that will differentiate Leidos from potential competitors. o Considering alternative solutions as appropriate to deliver cost-effective superior performance and on-contract growth for in-flight projects.
o Technical team leadership, including team development, guidance and mentoring, and improved processes and team performance.
o Representing the team to upper management and to customers as needed. Collaborating across the company, subs, and industry as required to bring forth the best ideas and optimal solutions.
o Projecting thought leadership through industry engagement, customer meetings and conferences, shaping activities, and writing technical papers as appropriate to the domain.
o Demonstrate domain specific expertise through:
Knowledge of cyber defense-in-depth principles, network/HW/SW security architecture, network topology, IT device integrity, and common security elements o Development of cybersecurity architectures and designs including firewalls, intrusion detection and prevention (IDS/IPS, data loss prevention (DLP), system information and event management (SIEM) with SPLUNK or other tools.
Employing Defense in Depth principles and practices (e.g. Defense in Multiple Places, Layered Defenses, Security Robustness)
CND: Understanding how to perform Computer Network Defense incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations that enable expeditious remediation.
IR: Understanding how to perform Incident Response in the event of a breach (as is done by example programs US-CERT, GSM-O, DC3, and some others)
Forensics: Understanding post-incident forensic analysis techniques, including reverse engineering or malware deconstruction.
• Hold and maintain an active Top Secret clearance, or eligibility to obtain one. In addition, ability to obtain SCI clearance.
• Strong technical writing and communications skills.
• Previous experience in cyber-related technical leadership positions. Demonstrated ability to determine need for potentially esoteric technical skills, find them, apply them to fill pursuit/project needs, and direct their contributions to satisfy project or pursuit objectives.
• Ability to support occasional need for travel to remote sites to perform duties. Ability to support "fly-away activities" with "fly-away kits".
• Working knowledge of security products, including SIEM, Security Applications, Network Devices, and End Point Protection.
• Familiarity with Federal IT Security regulations and guidance such as NIST 800-53, NIST 800-37 and FIPS 199.
• Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security arena.
• One or more of the following certifications: CISSP (preferred), CCSP, GSLC, and CISM, SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Intrusion Analyst (GCIH)
• Familiarity with tools such as FireEye, Carbon Black/Bit9, ArcSight, HBSS, Fortinet, Palo Alto, SourceFire/Cisco IPS, BRO, AirTight, Solera and SPLUNK Security and other industry leading cybersecurity products. DESIRED
• Experience with Security Operations Center daily operations.
• CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization
• Understanding of the cyber kill chain principles.
• Cyber threat intelligence experience
• In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
• Experience and proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics
• Experience with malware analysis concepts and methods
• Knowledge of incident response and handling methodologies
• Knowledge of defense-in-depth principles, network/HW/SW security architecture, network topology, IT device integrity, and common security elements
• Experience determining and taking appropriate courses of actions in response to identified and analyzed anomalous network activity
• Experience reconstructing malicious attacks or activity based on network traffic and identified anomalies
• Experience in writing and publishing CND guidance and reports on incident findings to appropriate stakeholders
• Knowledge of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems
• Knowledge of CND policies, procedures, and regulations
• "Other Active Cyber Certification(s), such as GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCase Certified Examiner (EnCE), GIAC Network Forensic Analyst (GNFA), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH)
EDUCATION & EXPERIENCE:
Typically requires Masters with 15 years of prior relevant experience or Bachelors and 17 years of experience. Relevant certifications in management such as PMP, and technical discipline such as Cisco (CISSP, CCSP) and/or Cyber Certifications (GIAC) will be considered in lieu of graduate degree as well years' experience. Proven recent and current expertise and application (successful track record reflected in career progression) with emerging cyber technology also considered in lieu of graduate degree and years' experience.
External Referral Bonus:
Potential for Telework:
Clearance Level Required:
Yes, 25% of the time
Scheduled Weekly Hours: