Leidos Enterprise & Cyber Solutions Defense Team is seeking a Cloud ISSM Technical Subject Matter Expert, to work under the direction of a senior ISSM managing cybersecurity for cloud systems to achieve and maintain accreditation under the Risk Management Framework. This position will support multiple cloud systems and projects to include Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and enterprise Software as a Service (SaaS). You ISSM SME will document standard security procedures in accordance with the Risk Management Framework (RMF) requirements, you will coordinate with business area managers /professional staff on system security compliance and you will be responsible for maintaining and supporting RMF Information System ATOs. In addition to this, you will conduct periodic reviews to ensure compliance with established policies and procedures. Your day to day, regular tasking would include but is not limited to secure baseline identification and validation per security categorization and subsequent system security plan, security control testing, vulnerability and threat assessment, FEDRAMP and DISA Cloud Access Point interactions and system (eMASS) record development and maintenance.
Clearance: You must hold an active DoD Secret security clearance; US Citizenship is required.
Location: This is a 100% Telework (within the U.S.) role with the option to report to our Vicksburg, MS customer site.
• Develop and maintain USACE enterprise cloud cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
• Ensure that cloud information owners and stewards associated with USACE/DoD information received, processed, stored, displayed, or transmitted on each USACE enterprise system are identified in order to establish accountability, access approvals, and special handling requirements.
• Develop and maintain eMASS records for all USACE cloud system-level cybersecurity-related documentation.
• Ensure that ISSMs/ISSOs are appointed in writing and provide oversight to ensure that they are following established cybersecurity policies and procedures.
• Monitor compliance with cybersecurity policy, as appropriate, and review the results of such monitoring. This includes Cloud Service Providers and Cyber Security Service Providers.
• Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
• Ensure implementation of IS security measures and procedures, including reporting incidents to the AO and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD, Army, and USACE policies, processes, and procedures.
• Act as a cloud cybersecurity technical advisor to the AO for USACE cloud systems under their purview.
• Ensure that cybersecurity-related events or configuration changes that may impact USACE cloud systems authorization or security posture are formally reported to the AO and other affected parties, such as information owners and stewards and AOs of interconnected DoD ISs.
• Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a USACE cloud system.
- Bachelor’s degree in Computer Science/Information Technology preferred; Bachelor in other major with years of experience and certification is acceptable and 8+ years of experience. Equivalent work experience may be considered in lieu of degree.
- Must hold currentDOD 8570.01, IAM-I/IAM-II/IAM-III (CISSP or CAP or CISM-required for IAM-II and IAM-III)
- Eight (8) or more years’ experience in the following areas:
- Cyber security, Information Assurance/Information System Security Engineering for Cloud initiatives
- FEDRAMP certification process and DISA Cloud Access Point process
- RMF assessment and authroization (NIST SP800-53A, CNSSI 1253, DOD8500.1, DOD 8510.01)
- DISA STIG and SRR compliance test and verification
- ACAS/SCAP vulnerability scanning and secure baseline/system security plan continuous monitoring
- DoD and Army Information Security regulations, publications, and policy
- Demonstrated experience applying security risk assessment methodology to system development and existing IT infrastructure, including threat model development, vulnerability assessments, and resulting security risk analysis
- FEDRAMP certification process and DISA Cloud Access Point process
- Working knowledge of standard cloud technologies to include IaaS, PaaS, and SaaS
- Experience with :
- Microsoft Azure, AWS, or OCS
- Information Assurance, Cyber Security, and Assessment & Authorization experience
- Experience developing A&A documentation from scratch and performing assessments.
- Demonstrate proficiency in the following areas: research, multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment.
External Referral Bonus:Eligible
Potential for Telework:Yes
Clearance Level Required:Secret
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Information Assurance
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.