Leidos is hiring an Information Assurance Security Engineer (IASE) / Information Systems Security Engineer (ISSE) in Suitland, MD to provide direct security engineering support to the execution of the customer's Information Assurance (IA) Certification and Accreditation (C&A)/Assessment and Authorization (A&A) mission.
All work is onsite in Suitland, MD. Candidates must have an an active TS/SCI to qualify for the role.
The IASE/ISSE will be responsible for:
Support of the design, development, integration, testing, implementation, deployment and operations & maintenance (O&M) of tools for the automation of security testing in support of C&A/A&A.
Partnering with colleagues to perform architectural design, integration, installation, configuration, testing, and administration of systems and capabilities to support the scanning, monitoring, and reporting of Information Assurance Vulnerability Alerts (IAVA)/Intelligence Community Vulnerability Alerts (ICVA) for the Naval Intelligence (NAVINTEL) Community.
Integration, installation, configuration, testing, administration of C&A Management tools and capabilities to implement A&A business processes, workflow, ICD-503, NIST 800-53 security controls mappings, and FISMA reporting.
Integrating and testing new features and functions within the A&A Management solution. This includes, but may not be limited to, DoD 8500.2, and NIST 800-53 Security Controls mappings; implementing updates business processes, workflow, and templates; and direct support to Fleet customers.
System administration and O&M support for the A&A Management capability.
Performing security assessments; design reviews; and providing guidance on new technologies for Fleet customers. New technologies may include, but are not limited to, Cloud technologies, Cross Domain Solutions, Hardware, Operating System, Web technologies; and Databases.
Providing Security Engineering, on an as needed basis, to support to the Security Controls Assessors (SCAs) and Validators for A&A and C&A efforts, respectively.
Design, development, integration, testing, documentation, system administration, ISSO responsibilities, and O&M for systems that support hidden/malicious file content analysis and reporting; Reliable Human Review (RHR) workflow functionality, enforcement, and audit; and cross-domain transfers.
Active TS/SCI clearance
Candidate must meet DoD 8570.1M requirements and possess an active CISSP certification.
BS in CS, IT, Cyber Security, Information Assurance or a related field
8+ years of Security Engineering experience with DIACAP, DCID 6/3, ICD-503, and/or NIST Risk Management Framework
Experience in system/software design, development, integration, testing, system administration, O&M.
Experience implementing and executing software and security engineering practices in the SDLC process.
Experience with DoD, DISA, FLTCYBERCOM, DoDIIS, and IC tools, systems, reporting mechanisms and requirements for C&A.
Technical knowledge of the DoD, IC, and national level system security initiatives and Secure Information/LAN/WAN/Cloud Technologies/Cross, Domain Solutions (CDSs) technologies
Experience designing, developing and using host based and network based scanning tools; experience with SCAP based tools and specifications.
Experience in OS hardening; securing systems/software IAW IC, DoD, and industry best practices; development of security controls, testing methodologies, and procedures for systems, cloud based architectures and CDSs. (RHEL) environment.
Knowledge of development in Oracle Solaris or Red Hat Enterprise Linux
Experience developing in a MS Windows 2012R2 or Windows 10
Knowledge of OpenOffice or LibreOffice integration or development
MS in CS or IT with IA
Active ISSEP certification