Leidos has an immediate opportunity for an Information Systems Security Engineer to provide Cybersecurity engineering support to the Airspace Mission Planning Division, Hanscom AFB MA and its Operating Location at Eglin AFB FL. The Information Systems Security Engineer's principal responsibility is successful Security Assessment and Authorization (A&A) of Mission Planning software applications. These Mission Planning software applications are in use today by US Air Force and US Navy aviation mission planners, and operate on various DoD networks, closed networks and stand-alone systems. Position requires US citizenship and a DoD secret clearance for consideration.
- Researching, developing, implementing, testing, and reviewing hardware/software Cybersecurity requirements, IAW DoD/NIST Risk Management Framework (RMF).
- Advising the program management team on potential threats, implementing security measures and monitoring applications in order to meet or exceed all DoD/NIST RMF requirements.
- Supporting the government program office's Cybersecurity team with analyses supporting Authorization to Operate (ATO)/Authority to Connect (ATC) decisions.
- Evaluating the hardening of Operating Systems, applications, and network infrastructure using Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), and Information Assurance Vulnerability Alerts (IAVA).
- Developing and maintaining system-specific Security Controls Traceability Matrix (SCTM), Risk Assessment Reports, Plans of Action and Milestones (POA&M), System Security Plans (SSP), Application Security and Development Checklists, and other artifacts supporting software certification and accreditation.
- Running vulnerability scans for applications using various tools such as HP Fortify; working with software engineers to analyze the report; and running vulnerability scans for operating systems and network infrastructure using Nessus and/or ACAS.
- Contributing to Program Protection planning, Anti-tamper planning and identification of Critical Program Information (CPI).
- Requires US citizenship and a DoD secret clearance for consideration
- Bachelor's degree in Computer Science, Information Security, Electrical Engineering or a related scientific/technical discipline, with 8-12 years Security Engineering related experience.
- Possess minimum current DoD 8570 IAM Level I certification (e.g.: Security+ CE) at time of hire and ability to obtain IAM Level I/II certification within one (1) year of hiring, e.g.: CISSP (see https://iase.disa.mil/iawip/Pages/iabaseline.aspx)
- Familiarization of DoD 8510, NIST 800.53 Risk Management Framework, and CNSSI 1253
- Proficiency with MS Office Products (Word, Excel, Visio, & PowerPoint).
- Advanced degree preferred (ideally in computer science, engineering or related technical discipline preferred)
- Experience in leading certification and accreditation (C&A) processes in accordance with DoD policy, standards & guidelines.
- Technical knowledge of computer networking and computer security protocols, and prior hands-on implementation of network and software security controls.
- Familiarity with vulnerability scanning tools such as HP Fortify, Nessus, and/or ACAS