Leidos is seeking a Cloud Information System Security Manager (ISSM) to work with a team of other ISSMs charged with overseeing multiple USACE cloud environments defining and managing cybersecurity to achieve and maintain authorizations under the Risk Management Framework. This position will support multiple cloud systems and projects. The ISSM will establish and document standard security procedures in accordance with the Risk Management Framework (RMF) requirements. The ISSM will coordinate with business area managers /professional staff on system security compliance. The ISSM will be responsible for implementing, maintaining and supporting RMF Information System ATOs. They will conduct periodic reviews to ensure compliance with established policies and procedures. This will include, but not be limited to ensuring that all software, and system changes recorded as required by established configuration management procedures. The ISSM will ensure implementation of security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate. Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures.
Regular tasking would include but not be limited to secure baseline identification and validation per security categorization and subsequent system security plan, vulnerability and threat assessment, FEDRAMP and DISA Cloud Access Point interactions and direct the DoD RMF accreditation process to achieve ATOs through the Enterprise Mission Assurance Support Service (eMASS). This position requires US citizenship and an active DoD Secret security clearance.
- Develop and maintain system cybersecurity programs for USACE cloud systems that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
- Ensure that Information Owners and stewards associated with DoD information received, processed, stored, displayed, or transmitted on each USACE cloud system are identified in order to establish accountability, access approvals, and special handling requirements.
- Maintain all USACE cloud cybersecurity-related documentation in eMASS, which is the USACE primary workflow tool and data repository for RMF authorizations.
- Monitor USACE cloud compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
- Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
- Ensure implementation of IS security measures and procedures, including reporting incidents to the Cloud PMO and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 4 for CUI.
- Act as a cybersecurity technical advisor for USACE cloud projects, USACE Cloud PMO, and the USACE ISSM-P
- Ensure that cybersecurity-related events or configuration changes that may impact USACE cloud systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs.
- Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.
- Manage all Cloud system POA&M items in the RMF and eMASS system and ensure continuous monitoring requirements are met.
- Review the Federal Risk and Authorization Management Program (FedRAMP) and DoD Provisional Authority (PA) artifacts to understand the risk that the AO will inherit for USACE cloud systems.
- Required Education: Bachelor’s degree in Computer Science/Information Technology preferred; Bachelor in other major with years of experience and certification is acceptable.
- Certifications: DOD 8570.01, IAM-II/IAM-III (CISSP or CAP or CISM-required)
- Eight (8) or more years’ experience in the following areas:
- Cyber security, Information Assurance/Information System Security Engineering for Cloud initiatives
- FEDRAMP certification process and DISA Cloud Access Point process
- RMF and eMASS accreditation (NIST SP800-53A, CNSSI 1253, DOD8500.1, DOD 8510.01)
- DISA STIG and SRR compliance test and verification
- ACAS/SCAP vulnerability scanning and secure baseline/system security plan continuous monitoring
- DoD and Army Information Security regulations, publications, and policy
- Demonstrated experience applying security risk assessment methodology to system development and existing IT infrastructure, including threat model development, vulnerability assessments, and resulting security risk analysis
- Additional desired certifications include CCNA, CCSP, MCSE, and/or SANS GIAC.
- Working knowledge of standard cloud technologies to include IaaS, PaaS, and SaaS
- Experience with :
- Microsoft Azure, AWS, or OCS
- Information Assurance, Cyber Security, and Certification & Accreditation experience
- Experience developing A&A documentation from scratch and performing assessments.
- Demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment.
External Referral Bonus:Eligible
Potential for Telework:Yes
Clearance Level Required:Secret
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Cyber Security
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to firstname.lastname@example.org.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.