Leidos Military and Veterans Health Solutions (MVHS), part of Leidos Health, seeks a Lead Enterprise Security Architect with strong background, skill and expertise that combines cybersecurity with knowledge of Agile application development and DevSecOps. The right candidate will have established experience with cloud platform services, DevOps practices such as build/release management, secure SDLC/DevSecOps practices such as automating security processes in CI/CD pipelines, and general automation.
Applicants for this remote or telecommuting position can perform this job anywhere in the U.S.
Successful candidates can expect to divide their time between two (2) types of assignments. First, they will research, develop, author and present cybersecurity guidance and security architectural standards in the area of DevSecOps and related technologies for the VA Office of Enterprise Security Architecture (ESA). They will help build a DevSecOps Strategy and Practice that integrate cybersecurity into the adoption and improvement of agile practices at the Department of Veterans Affairs. They will collaborate with VA engineering, development and security teams and their leads to create, implement and apply DevSecOps principles, processes and culture. Architects will provide subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle. Candidates will advocate for software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices and requirements capturing techniques to improve end-to-end secure delivery practices.
Second, the DevSecOps security lead architects will act as cybersecurity consultants, including conducting architectural risk assessments on VA application development projects. Leads will collaborate with VA development and operations teams to facilitate practical automation solutions and custom modules. They will act as trusted automation and tooling advisors for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice. They may assist application teams with on-boarding adopted security tools/technologies or work with vendors to troubleshoot the platform and issues related to such integrations. They work with teams to bring continuous improvement to DevSecOps processes and tools.
Employees may also provide subject matter expertise from time to time to other Leidos Health teams on an ad hoc basis.
- Masters of Arts (MA)/Masters of Science (MS) with at least fifteen (15) years of experience in information technology, application development or cybersecurity
- Candidate must be able to pass a VA High/BI Public Trust background investigation, including a National Agency Check (NAC) covering the past seven (7) years.
- Candidates should have a minimum of 5 years of DevSecOps experience with actual/active development experience in an Agile environment. That should include hands-on experience integrating Agile software development frameworks such as SAFe with DevSecOps methodologies.
- Must possess expertise in multiple areas of information technology such as but not limited to: enterprise security architecture, cybersecurity engineering, telecommunications systems design, IT operations, risk assessments, vulnerability management, cloud technologies, system security, the Internet of Things (IoT) and privacy for both traditional and next-generation IT digital architectures.
- Working knowledge of Git and repository providers such as GitHub, GitLab, Bitbucket, experience implementing both container and orchestration infrastructure utilizing platforms such as Docker and Kubernetes and working knowledge of automated CI/CD build engines such as Jenkins, GitLab CI/CD, GitHub Pipelines, CircleCI, TravisCI. Other desired experience would include implementing Automated Testing frameworks including Selenium, as well as Salesforce specific tools such as Provar, and experience integrating deployments with industry standard DevSecOps tooling and orchestration.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Advanced IT cybersecurity certifications (CISSP, CISM, CISA, CIPP, CEH, or the equivalent).
- Knowledge and familiarity with cybersecurity practices and trends for US government information technology, especially at VA or DoD, although we value similar cybersecurity experience acquired at other federal agencies or departments.
- Familiar with creating and interpreting security diagram overlays and updates, determining security requirements, and security mitigation implementation
External Referral Bonus:Ineligible
Potential for Telework:Yes
Clearance Level Required:Public Trust
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Security Architecture and Engineering
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.