No two career paths will ever look the same. At Leidos, we know the most talented and diverse IT and engineering professionals will always have a multitude of career choices; your time at Leidos will be a wise investment in your career and in yourself. We welcome your perspective and ideas, in order to foster collaboration and deliver world-class solutions. We look for solutions that not only transform businesses, but change the world.
Our Civil business is helping to modernize and manage infrastructure, systems and controls, and cybersecurity for civilian agencies and commercial clients around the globe. With core competencies in information technology, energy and environment, complex logistics, and specialized engineering, we solve technical challenges and implement newfound efficiencies on a number of programs!
Protect yourself and your family, with the benefits of working for a world-class employer. When you join Leidos, you join a Fortune 500 company and one of Ethisphere Institute's "World's Most Ethical Companies"
Leidos...We strive to make the complex clear
Leidos is seeking an Information Security Engineer for the ESA IV program. The ESA IV Security team supports multiple DOJ components (ATF, USTP, ATR). This position will primarily support the DOJ Alcohol Tobacco Firearms and Explosives (ATF) component. This position is for an Information Security Engineer focused on security compliance reviews. This includes but is not limited to annual audits (e.g. OMB, A123, FISMA) and maintenance of records in the compliance management system (e.g. POAMs, waivers, registered assets). The candidate may also be involved in other security assessment activities including but not limited to: Risk Management Framework elements, assessment of security controls, and assessment of new functions. The candidate may act as the interface between auditors and system subject matter experts. This will require the candidate to understand the target systems to appropriately decompose inquiries to actionable items for SMEs, then validate the SME responses. The candidate should understand how to document system compliance with government security controls (e.g. 800-53, FISMA). The candidate may also support Security Operations, e.g. conducting security scans.
Clear verbal and written communication skills are essential. This position also requires good project planning skills to identify how to meet schedules, identify dependencies, and identify risks and work arounds.
This position requires a security investigation completed by the ATR and ATF to permit access to customer-sensitive information.
- Bachelor's degree and 8 years related experience or Master's degree and 6 years related experience; additional years of experience will be considered in lieu of degree
- Experience with supporting assessment of IT systems compliance with Federal IT Security standards (e.g. NIST 800-53, FISMA)
- Working knowledge of Federal Certification and Accreditation practices
- Ability to respond to security audits and compliance assessments including decomposing auditor requests to actionable items, compiling and presenting security audit artifacts
- Ability to evaluate IT system compliance with government and commercial security practices (e.g. DISA STIGS, SANS Top 25)
- Experience with one or more of the security compliance managements systems used by federal or DOD customers (e.g. CSAM, XACTA, Risk Vision)
- General knowledge of enterprise scale IT systems, architectures and components (servers, and virtualization, networking, security appliances, SAAS, IAAS) particularly the system integration challenges balancing secure operations with operational need.
- Solid communication and documentation skills
- Experience with DOJ compliance environment and related tools (CSAM, Tenable Security Center, application scanners, database scanners)
- Ability to compile and update system accreditation packages
- Direct experience or solid familiarity with cloud computing and applicable security practices (e.g. FedRAMP, SAAS, IAAS)
- Ability to recognize security risks, document risk, and clearly communicate findings and recommendations.
- Experience supporting Incident Response events
- Experience supporting review and certification of Physical Security elements of a facility