Leidos is seeking an IT Security Engineer for the ESA IV program. The ESA IV Security team supports multiple DOJ components (ATF, USTP, ATR). This position will primarily support the DOJ Alcohol Tobacco Firearms and Explosives (ATF) component.
This position is for an Information Assurance Analyst focused on security compliance reviews. This includes but is not limited to annual audits (e.g. OMB, A123, FISMA) and maintenance of records in the compliance management system (e.g. POAMs, waivers, registered assets).
The candidate may also be involved in other security assessment activities including but not limited to: Risk Management Framework elements, assessment of security controls, and assessment of new functions. The candidate may act as the interface between auditors and system subject matter experts. This will require the candidate to understand the target systems to appropriately decompose inquiries to actionable items for SMEs, then validate the SME responses. The candidate should understand how to document system compliance with government security controls (e.g. 800-53, FISMA). The candidate may also support Security Operations, e.g. conducting security scans.
- Bachelor's degree and less than 2 years of experience, additional years of experience will be considered in lieu of degree
- Clear verbal and written communication skills are essential
- Project planning skills to identify how to meet schedules, identify dependencies, and identify risks and work arounds
- Experience with supporting assessment of IT systems compliance with Federal IT Security standards (e.g. NIST 800-53, FISMA)
- Working knowledge of Federal Certification and Accreditation practices
- Ability to respond to security audits and compliance assessments including decomposing auditor requests to actionable items, compiling and presenting security audit artifacts
- Ability to evaluate IT system compliance with government and commercial security practices (e.g. DISA STIGS, SANS Top 25)
- General knowledge of enterprise scale IT systems, architectures and components (servers, and virtualization, networking, security appliances, SAAS, IAAS) particularly the system integration challenges balancing secure operations with operational need
- Solid communication and documentation skills
- Experience with DOJ compliance environment and related tools (CSAM, Tenable Security Center, application scanners, database scanners)
- Ability to compile and update system accreditation packages
- Basic experience or familiarity with cloud computing and applicable security practices (e.g. FedRAMP, SAAS, IAAS)
- Ability to recognize security risks, document risk, and clearly communicate findings and recommendations.
- Basic cyber security knowledge supporting Incident Response events
This position requires a security investigation completed by the ATF and ATR to permit access to customer-sensitive information.