Information System Security Engineer (ISSE)
Leidos is looking for a Security Engineer to join a high performing agile team using the Scaled Agile Framework (SAFe) methodology to support a nationally significant and fast-paced cryptographic key management program. Program execution follows DEVOPS best practices and employs robust development, test and production environments. Our team of security engineers support enhancements to system security architecture and cyber security capabilities; manage multiple system security plans for development, test and production systems at multiple classification levels following the Risk Management Framework (RMF); manage cross domain capabilities; and support Security Verification Testing (SVT) of relevant Type 1 devices. Leidos is the prime contractor providing system engineering, development, test, integration and operational support. This new program is focused on injecting new technology and adding advanced capabilities over the coming three years while continuing to support an on-going mission and operational system.
The selected candidate will provide support for adding new capabilities to a complex network system with geographically distributed components that has exacting interface, performance and security requirements. He/she will become part of a team of Security Engineers working on solving challenging issues on a nationally significant defense program. The program makes heavy use Public Key Infrastructure (PKI), cryptographic technologies, and cross domain solutions. The selected individual will collaborate with other engineers and technical experts in providing improvements to our operational, test, integration, and development systems.
- Validating and verifying system security requirements.
- Evaluating security solutions to ensure they meet customer specified requirements for processing classified information.
- Providing configuration management for security-relevant information system software.
- Assessing and mitigating system security threats/risks.
- Assisting in the identification and implementation of appropriate information security functionality to ensure uniform application of security policy and enterprise solutions.
- Contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations.
- Participating in program increment planning and related agile team activities.
- Communicating with and working closely with System Engineering, Test Engineering, and Integration teams to ensure that the hardware and software implementation meets the security requirements for processing classified information.
- Analyzing and assessing system implementation against multiple security compliance policies and evaluating the impact of new development.
- Collaborating with development teams to identify and resolve security issues.
- Developing technical solutions for security-related vulnerabilities using solid security standards and best practices.
- Evaluating, reviewing, and/or testing security-critical software.
- Auditing and assessing system security policies and configuration settings.
- Analyzing security compliance requirements for new system features and proactively identifying potential security issues.
- Supporting risk assessment and risk management.
- Participating in security verification testing of relevant type 1 devices.
- Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline and at least 2 years of relevant experience or a Master’s degree.
- Additional experience may be substituted for a Degree.
- Must have experience with secure configurations of commonly used desktop and server operating systems.
- Must have experience or familiarity with applying Risk Management Framework and formulating and assessing IT security policy.
- Must have demonstrated knowledge of one or more common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
- Must be comfortable working on multiple systems and components simultaneously, possibly with various configurations.
- Must have strong verbal and written communications skills.
- Must be committed to adopting and adhering to best practices.
- Must be able to effectively plan and prioritize personal tasking.
- Must be capable of performing high quality work both independently and with a team in a fast-moving environment.
- Experience or familiarity with Defense in Depth Principals.
- One or more of the following: DoD 8570 compliance with IASAE; Information Systems Security Engineering Professional (ISSEP) Certification; Computer Information Systems Security Professional (CISSP) Certification.
- Experience with integrated security services management processes (i.e. assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response).
- Experience providing information assurance support for application development.
- Experience with penetration testing tools and hands-on vulnerability testing.
- Experience with scripting languages.
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:Top Secret/SCI with Polygraph
Scheduled Weekly Hours:40
Job Family:Information Assurance
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 38,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $11.09 billion for the fiscal year ended January 3, 2020. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.