At Leidos, we know the most talented and diverse IT and engineering professionals will always have a multitude of career choices; your time at Leidos will be a wise investment in your career and in yourself. Our Defense business is helping to modernize and manage infrastructure, systems and controls, and cybersecurity for federal agencies and commercial clients around the globe. With core competencies in information technology, energy and environment, complex logistics, and specialized engineering, we solve technical challenges and implement newfound efficiencies on a number of programs.
Leidos is seeking an INFOSEC/COMSEC Engineer to provide Security Engineering support for virtual private data center. The INFOSEC/COMSEC Engineer must have great critical thinking skills and will be very organized and detail oriented. They are responsible for vulnerability management, change management, and patch management. Position shall perform Vulnerability Assessment in an Engineering role. Additionally, the INFOSEC Engineer must be focused on the security and access controls of the implementation to secure its use and demonstrate a strong understanding of ICD 705, FISMA/NIST 800.53a Risk Management Framework related security processes and operating within a Multi-level security environment.
The Cyber Security InfoSec Engineer is responsible for:
• Reviewing responses, entering responses into XACTA, and updating risks in XACTA.
• The position also identifies potential controls where the sponsor is a common control provider and assists with drafting common control language to be entered into XACTA.
• Performs security maintenance duties for assigned projects.
• Duties include preforming gap analysis of security controls vs. as-built and advising the project team of the gaps with recommendations of resolutions options.
• Additional duties include maintaining awareness of operational patching and system level changes of assigned projects, reviewing scans and baselines to ensure proper patch levels, and uploading cyclic scans to the appropriate repositories during the project lifecycle.
• Plays a vital role in achieving and maintaining system accreditation.
• Accreditation duties include providing guidance of the A&A process for assigned projects;
• Provides overviews of timelines and milestones; requesting ATOs, ATDs, and Extensions;
• Requesting, creating, maintaining, updating and closing POA&Ms; working with the various security organizations (Information system Security manager, CAD, IMO, CIFT) to provide proper Body of Evidence and feedback;
• Maintains and uploads security documentations to the proper repositories during the project lifecycle.
• Performs regular reviews, such as: weekly audit log reviews for violations within Splunk and ELK; spreadsheet reviews of ICAM Privileged Users to ensure least/privilege/role separation rules are being followed; reviewing the CRE across all projects;
• You must have a TS/SCI with poly to be considered
• Bachelor's Degree in Computer Science, Engineering or a related STEM technical discipline plus 10 years of experience or the equivalent combination of education, technical training, or work/military experience.
• 5-7 years of elaborating and relevant Information Technology experience;
• Strong written and oral communication skills. - Hands-on experience and the following:
- 2+ years of hands on experience of implementing security products such as SPLUNK, Nessus, and QRadar.
- In depth experience designing solutions that are: secure, resilient, scalable, transformative;
- Experience using or administering Linux and Windows operating systems;
- GIT experience very helpful
- CISSP, Security +
• Any AWS / Cloud experience is a plus
• Prior DoD Civilian or Military service desired.