Technical Subject Matter Expert for cyber security in the area of application source code vulnerability assessment using variety of commercial based tools ensuring applications or secure as they are migrated into L2/L4/L5 USACE Cloud instances. Directly interact and support ACE-IT Software Developers, CIRT, NOC, SOC, and Engineering proponents to validate that applications moving into USACE Cloud instances are secure per DoD, Army, and DISA mandated security control guidelines and integrate into the ACE-IT architecture on the principles of Defense in Depth as well as continuous sustainment of real-time risk management and vulnerability assessment. Regular tasking would include but not be limited to source code scanning, secure baseline validation, vulnerability and threat assessment, and security model architecture and design validation, enforcement of cyber policy and standards, and internal auditing for cyber security compliance.
- Support Cloud application software developers to ensure application vulnerabilities are properly addressed.
- Perform Fuzzy Hash, Fortify/AppScan, ACAS Scan and application security configuration support to ACE-IT Government, VMSA, SA, and NA personnel to support application vulnerability remediation efforts
- Ensure that IAVA Metric Reporting Data is Filtered Correctly for ACE-IT Managed Systems
- Other cybersecurity assignments as directed
- Perform DISA SCAP scans for STIG compliance verification
- Identify and report cyber threat surface and risk mitigation postures
BASIC QUALIFICATIONS (MINIMUM REQUIREMENTS)
Required Education: Bachelor's degree in Computer Science/Information Technology.
Desired Certifications: CISSP, CCNA, CCDA, CISA
A minimum of 7 years related experience as it relates to the listed responsibilities of the position. Flexibility may occur in overall years experience, dependent upon specific certifications and expertise in areas of cyber or information security.
Specific concurrent expertise (not cumulative) in the following areas are required:
1) Three (3) years' experience in cyber security, Information Assurance/Information System Security Engineering
2) Three (3) years of recent experience with Defense in Depth principles and technology including access/control, authorization, Identification and authentication, public key infrastructure, network, and enterprise security architecture
3) Three (3) years DISA STIG and SRR compliance test and verification
4) Three (3) years ACAS/SCAP/Fortify/AppScan vulnerability scanning, web-application Penetration testing, and auditing
5) Three (3) years DoD, NIST, DISA and Army Information Security regulations, publications, and policy
6) Three (3) years Demonstrated experience applying security risk assessment methodology to application development in L2/L4/L5 DoD Cloud instances (Azure and/or AWS), including threat model development, vulnerability assessments, and resulting security risk analysis
Server & Operating Systems / Software
- Windows 2012/2016 Server, MS SQL Server, SQL Reporter, Windows/Powershell Scripting, Windows 7/10, Linux/Unix, Sun Solaris 10, Cisco IOS, MS Office 2013, Project 2013, Visio 2013, Tenable Security Center and Nessus, HP Fortify, AppScan, WebInspect, DISA SCAP tool.
No two career paths will ever look the same. At Leidos, we know the most talented and
diverse IT and engineering professionals will always have a multitude of career choices; your time at Leidos will be a wise investment in your career and in yourself. We welcome your perspective and ideas, in order to foster collaboration and deliver world-class solutions.
We look for solutions that not only transform businesses, but change the world.
Our Civil business is helping to modernize and manage infrastructure, systems and controls, and cybersecurity for civilian agencies and commercial clients around the globe. With core competencies in information technology, energy and environment, complex logistics, and
specialized engineering, we solve technical challenges and implement newfound efficiencies on a number of programs including those that:
- Power homes and businesses
- Guide air traffic
- Streamline tax returns
- Protect digital footprints
- Contain environmental incidents
- Heighten port security
- Enable scientific discovery
Protect yourself and your family, with the benefits of working for a world-class employer. When you join Leidos, you join a Fortune 500 company and one of Ethisphere Institute's "World's Most Ethical Companies" Leidos...We strive to make the complex clear.