The Cyber Security Engineer is part of the Leidos team which provides IT repair, maintenance, operations, logistics, and engineering services to ensure secure, reliable, and uninterrupted availability of Army Military Intelligence Enterprise IT Systems. The Cyber Security Engineer will work directly with INSCOM G6 and DIA Certifiers to obtain and maintain the JMICS Type Accreditation or “Type ATO” and will work directly with JMICS Systems Architect, Systems Engineer and Systems Administrators to ensure any changes to the JMICS systems are done in accordance to ICD-503 and DoD standards. The successful candidate will monitor programs for unauthorized vulnerabilities and work with the JMICS Engineering group to remediate or mitigate findings. The Cyber Security Engineer will also work with JMICS Government PM and JMICS Engineering group to create and maintain all JMICS ATO Documentation and system security documentation. This position supports the JMICS/C-JWICS systems at the Service Center, Fort Bragg, NC 28310
- Design, evaluate and test systems security to ensure data and system integrity for the JMICS program.
- Create and ensure the JMICS programs Information Assurance documentation, polices, and procedures are properly aligned to the standards set forth by DIA, DISA, DoD and Army Policy. Verify that said documentation is updated as required when policies change. Must be able to guide an information system successfully through the RMF Assess and Authorize (A&A) process to obtain an ATO.
- Conduct routine risk assessments of the JMICS Program and each of the systems assigned to the program. Risk assessments include full system scans using ACAS, SCC, and Nessus, comparing system security settings to the applicable IAVA and STIG’s as they are updated by DISA.
- Work with the JMICS Cyber Security team to harden the JMICS Secure Baseline.
- Conduct site visits completing site level certification tests, site surveys, and risk analysis.
- Ensure the JMICS Secure Baseline is properly maintained and secured as required by DIA, DISA, DoD, and Army policy. Verify said baselines are adjusted, adapted, and upgraded to ensure that all unauthorized vulnerabilities found during the risk assessments are properly removed or mitigated to an acceptable level and to ensure the software used within the JMICS program is approved IAW the APL.
- Perform Research and Development to ensure all new software and hardware to be deployed on the JMICS system meets all the security requirements.
- Develop and modify software tools to assist system admins in the advanced configuration and reconfiguration of the JMICS Information Systems.
- Serve as a member of the JMICS Configuration Management Board.
- Bachelor's degree in a relevant field with 4+ years of related Information Assurance/Cyber Security experience. Additional training and/or years of experience is accepted in lieu of a degree.
- Specific experience with the following: writing\maintaining IA Policy and Procedures, Certification and Accreditation Process, DISA STIGS, system vulnerability scanning software (ACAS\Nessus and SCC preferred), Securing and Configuring Windows Server 2008/2016 and Windows 7/10, system virtualization (ESXi preferred), vulnerability management and remediation, cyber security incident response and handling, and Change Management processes.
- Currently possess DoD 8750 IA certification at IAM II: CISSP, CISM, or CASP.
- Currently possess DoD 8750 Computer Environment (CE) Certification relevant to the position: CompTIA Server+ or related.
- Currently possess an active DoD TS/SCI security clearance.
- Experience with Baseline Creation and Deployment (Sysprepping, Ghost, and virtual importing and exporting preferred.
- Experience hardening and maintaining Windows 7/10, Windows Server 2008/2016, VMWare (ESXi) and RedHat Enterprise Linux platforms.
- Experience with PowerShell Scripting
- Experience with Vulnerability Scanning, DISA STIG’s, eMASS, Security Center/ACAS/Nessus
- Experience with hardening Cisco networking devices
- The ability to create and develop policy and procedures IAW security controls
- Understanding of security control overlays
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:Top Secret/SCI
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Information Assurance
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.