To our valued Leidos candidates:

Coronavirus is on everyone's mind with the effects being felt around the world. The markets are volatile, and we're all concerned for the health and safety of our families, friends, and colleagues. Please know that we're taking all necessary measures to safeguard our employees, customers and the communities in which we live, including following all recommended best practices around social distancing.

With that in mind, in an abundance of caution, we are canceling all face to face career events, such as job fairs and open house events. In the coming days and weeks, we will be hosting career events virtually, using our online chat tools so that we may continue our hiring practice safely and securely. You can find available virtual career events at https://career-events.leidos.com.

We are using telephone meetings and online chats via Brazen to conduct interviews and hiring discussions, and we are offering options for video interviews so that you can have a virtual face to face meeting with your potential new leader. We do not conduct interviews or extend offers via text or chat based social media, such as WhatsApp or MySpace.

Leidos will never ask you to provide payment-related information at any part of the employment application process, nor will Leidos ever advance money as part of the hiring process. And Leidos will communicate with you only through emails that are generated by Leidos.com automated system. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to Chris Scalia, Leidos’ Senior Vice President of Talent Acquisition, at [email protected].

As a company, as a country, as a world, we have confronted challenging moments before. We are confident that, guided by our values and the strength of our community as well as the commitment we have to the important work we do each day, we will find our way through this time together. We will do this with the care and concern for one another and the common good that defines. Please keep those impacted by the virus in your thoughts.

Close Window
Join our talent network

Job #: R-00039868
Location: Huntsville, AL
Category: Information Assurance
Schedule (FT/PT): Full Time
Travel Required: Yes, 10% of the time
Shift: Day
Potential for Telework: No
Clearance Required: Public Trust
Referral Eligibility: Ineligible
Group: Civil

Share: mail twitter linkedin

Description

Job Description:

Job Description:

More About the Role:

This is an opportunity to support NASA and the End User Services Office (EUSO). In this mission we manage the primary infrastructure and core services. We operate, maintain, deploy, and manage an existing Government furnished systems. The candidate will be the lead for Assessment and Authorization, Vulnerability Management, and Security Engineering. Provide analytical and technical security recommendations to the team, oversight boards, and customer. Meet with clients and management to help specify and negotiate application and system security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications to production.

What You'll Get to Do:

The successful candidate will manage the overall security related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles of NASA EUSO Systems. Will develop, maintain, and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems. Will conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance; document, organize, and implement security control requirements; identify current and new risks; and prepare vulnerability test plans and coordinate the testing and result procedures. Will conduct analysis to ensure the proper NIST Guidelines for each system component are applied; register the system in the NASA Assessment tool RISCS to support the Risk Management Framework (RMF) process; input RISCS entries on all required and applicable NIST controls; assist in the development of the RMF package to achieve an Authority to Operate (ATO); and assist in the development of the SSP and required artifacts/documentation under RMF. Lead a team of Cybersecurity professionals and help manage projects though the lifecycle.
 

•Support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on production and development networks.

•Provide professional security services for IA/Cybersecurity in accordance with US Government (USG) and NIST policies and guidelines.

•Provide the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.

•Provide technical assistance in support of Cybersecurity inspections and Site Assistance Visits (SAV).

•Assist with drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Plan of Action and Milestones (POA&M), and Federal Information Security Management Act (FISMA).

•Understand FISMA and the application, documentation and assessment of NIST 800-53 security controls.

•Assist with all facets of the Assessment and Authorization (A&A) process as it relates to FISMA and NIST in a NASA mission focused environment. To include documentation, data collection and entry within a centralized repository and plan of action coordination and tracking.

•Perform support activities associated with the design, development, implementation, and maintenance of IT systems.

• Perform systems requirements development and allocation and develop the appropriate engineering documentation.

•Performs independent assessments (system and software security vulnerability, threat, and risk assessments) on development and large-scale operational environments.

•Performs full-lifecycle (i.e., Concept to Deployment) Information Assurance (IA) security analyses to ensure the logical and systematic conversion of customer or product requirements into total secure systems solutions that acknowledge technical constraints.

You'll Bring These Qualifications:

•A BA/BS degree and 8-12 years of prior relevant experience.. Years of work experience may be substituted one for one with college years.

•Five (5) or more recent/current year’s professional experience within the designated SME area beyond BA/BS or equivalence (except where otherwise specifically noted).

•Must have a minimum of three (3) experience working in an IT environment similar in size (or larger) and scope to this task order.

•Must have a minimum of three (3) working knowledge of large, complex IT environments.

•Experience meeting with clients and management to specify and negotiate application security requirement, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of application to production.

•Experienced in providing risk analysis for vulnerabilities, incidents and change request.

•Experienced in being an active member in technical workgroups to recommend effective security configurations and architecture.

•Experienced in developing documentation to support ongoing security systems operations, maintenance and specific problem resolution.

•Ability for oral and written communications with the highest level of management.

•Ability for oral and written communications with the highest level of management.

These Qualifications Would be Nice to Have:

•5+ years of experience in IA/Cybersecurity.

•Security certificates such as CISSP, CISM, GSLC, or CASP.

•Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development.

•Experience complying with USG and NIST regulations and preparing for responding to information security audits and questionnaires.

•Understanding of related information technology (e.g. firewalls, VPN, virtualization, DLP, etc) and physical security assets.

•Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.

•Experience with UNIX/LINUX OS and any scripting language.

•Experience working with IDS/IPS and processes.

External Referral Bonus:

Ineligible

Potential for Telework:

No

Clearance Level Required:

Public Trust

Travel:

Yes, 10% of the time

Scheduled Weekly Hours:

40

Shift:

Day

Requisition Category:

Professional

Job Family:

Information Assurance

Leidos

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.

   Save Job Saved

Talent Community

Join our Talent Community to create a profile, enabling a streamlined application process and to help our recruiters better understand your areas of expertise and interest.

Join our Talent Community