Leidos is seeking a Security Network Engineer who will be a member of a dynamic team working on the Federal Aviation Administration's (FAA's) En Route Automation Modernization (ERAM) technology. ERAM is the heart of the Next Generation Air Transportation System (NextGen) and the pulse of the National Airspace System, helping to advance our transition from a ground-based system of air traffic control to a satellite-based system of air traffic management.
Responsibilities both as a team member and individually:
• Secures enterprise Wide Area and Local Area Network Services by defining, determining and interpreting security requirements.
• Develops security architectures and proposals to protect US Federal Government networks.
• Plans and directs the implementation and testing of security systems, blueprints the approach to achieving ATO.
• Prepares security standards, policies, and procedures
• Determines network information security requirements by researching information security standards and evaluating government defined standards, FISMA security controls, industry standards/best practices against mission strategies and requirements
• Conducting system security and vulnerability analyses and risk assessments and recommending the appropriate architecture/platform;
• Identifying integration issues and addressing proposed solutions; preparing cost estimates.
• Applies SecDevOps best practices and methodologies integrated with DevOps processes.
• Plans security systems operational concept and architecture by evaluating network and security technologies.
• Performing security architecture solution trades, developing requirements for wide area networks (WANs), local area networks (LANs), to include software defined networks (SDN's) and network function virtualization (NFV), virtual private networks (VPNs), routers, firewalls, and related security and network devices.
• Designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software adhering to industry standards.
• Performs trades, makes recommendations and identifies security platform (SIEM) and tools. Assess a technologies strategic value, functional and performance capabilities (reliability, maintainability, and availability), cost and risk in the context of the mission for network services.
• Defines the operational concept, security process and security architecture in the context of the given mission articulated through drawings and descriptions suitable for high value customer proposals.
• Works with a given government agency to obtain ATO and contributes substantially to resolving customer concerns in meeting ATO deadlines with proven approaches and implementation methodologies that were used in other government agencies as references.
• Demonstrates in-depth knowledge in state of the practice and evolving practices for APT, threat vectors, behavior pattern analytics, system integrity, boundary protection, end-point management, monitoring, metrics and 365-degree situational awareness.
• Transmitting, and maintaining keys; providing technical support; completing deliverable documentation.
• Develops the System Security Plan (SSP), validates the implementation and testing of advanced STIG guidelines. Verifies security systems by assisting security administrators in the development of test scripts.
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
• Evolves security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
• Develop and updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Typically requires Bachelors of Science or Mathematics degree and 12-15 years of prior relevant experience or Masters in Cyber-security with 10- 13 years of prior relevant experience. May possess a Doctorate in technical domain.
• Proven design portfolio of state of the practice network security architectures for large networks
• Demonstrated knowledge of SDN/NFV through either a security implementation or through applied study/testing
• Demonstrated in-depth knowledge of two or more security technology platforms and tools
• Has applied SecDevOps or is working toward evolving SecDevOps for a mission system or enterprise
• Successfully leading a Federal Agency or DoD organization through a security ATO
• 5+ Years working with NIST 800-53 and FISMA High security controls
• Working knowledge of the FAA and FAA security practices and standards • Certified Information Systems Security Professional certification
• CompTIA Security+ certification Public Trust clearance or higher level clearance attained
• Excellent communication and writing skills to work with all levels of an organization
• Published articles and contributions to cybersecurity and threat intelligence Senior Security Architect Skills and Qualifications: Network Security, Networking Standards, Network Protocols, NIST/FISMA standards and controls, SIEM platforms and security tools, Network Configurations