Leidos has an immediate opportunity for an Information Assurance Security Engineer/Information System Security Engineer in Chantilly, VA. This position requires a candidate with an active TS/SCI clearance and the willingness and ability to successfully obtain a polygraph.
The Information Assurance Security Engineer (IASE) provides direct security engineering support to the execution of the customer's Information Assurance (IA) Certification and Accreditation (C&A)/Assessment and Authorization (A&A) mission.
The IASE will be responsible for:
- Installation, configuration, testing, and administration of systems and capabilities to support the automated scanning, monitoring in support of C&A/A&A and ICD-503, NIST 800-53 security controls mappings, reporting of FISMA and reporting of Information Assurance Vulnerability Alerts (IAVA)/Intelligence Community Vulnerability Alerts (ICVA).
- Integrating and testing new features and functions within the A&A Management solution. This includes, but may not be limited to, DoD 8500.2 and NIST 800-53 Security Controls mappings; implementing updates to business processes, workflow, and templates; and direct support to the government customer.
- Performing security assessments and design reviews, and providing guidance on new technologies for the program. New technologies may include, but are not limited to, Cloud technologies, Hardware, Operating System, Web technologies, and Databases.
EDUCATION & EXPERIENCE:
- B.S. in Computer Science, IT or applicable engineering or science field
- 4 - 8 years of prior relevant experience or Master's with 2 - 6 years of prior relevant experience
- Active TS/SCI clearance with the ability to obtain a polygraph
- Certifications equivalent to DoD 8570.1M IAT Level II, including Security+ CE or above, or IAM Level II, including CISM, CISSP, or CAP Certification, or IA SAE II
- Demonstrated proficiency in developing and implementing a Cybersecurity plan for a new operational system resulting in an ATO and/or ATC
- Knowledge of the DoD Authorization and Accreditation (A&A) process and standards as implemented in the NIST Risk Management Framework (RMF)
- Experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, firewall policy, ports, and protocols
- 8+ years of Security Engineering experience with DIACAP, ICD-503, and/or NIST Risk Management Framework
- Experience implementing and executing software and security engineering practices as defined by NIST 800-53, ICD-503
- Experience with DoD, DISA, and IC tools, systems, reporting mechanisms and requirements for C&A
- Experience with Tenable Nessus creating custom scan templates, auditing findings, and recommending remediation steps
- Familiarity with AWS concepts and cloud-based security best practices
- Experience in RHEL OS hardening; securing systems/software IAW IC, DoD, and industry best practices; development of security controls, testing methodologies, and procedures for systems and cloud-based architectures
- Experience with SCAP-based tools and specifications
- Experience designing, developing and using host-based and network-based scanning tools
- Experience in the areas of system/software design, development, integration, testing, system administration, O&M
- Experience with both Windows and RHEL operating systems