The Homeland Security Solutions (HSS) Operation within the Intelligence Group at Leidos currently has an opening for an Information Systems Security Manager (ISSM) to work in Ashburn, Virginia. The ISSM will provide security oversight to the Enterprise Cloud and IT Services (ECIS) program, to the Department of Homeland Security (DHS) Customs and Border Protection (CBP). Services provided by ECIS include: cloud enterprise infrastructure, cloud enterprise platform, cloud enterprise service, provisioning of Cloud Service Provider (CSP) resources, cloud enterprise security, provisioning of connectivity between multiple CSPs and the CBP network, provisioning of Cloud Access Point – secure connectivity between CBP and any CSPs, and compliance with government security policies
The ECIS program supports DHS/CBP components and other federal agencies. The general scope involves oversight and day to day engagement with security engineers, IT staff and customers for:
- Assure cloud services adhere to CBP, DHS, NIST and relevant security standards
- Interface with Enterprise Security Operations Center to assure ECIS security posture is sustained.
- Assure Service Security– Assure ECIS services adhere to applicable security standards (NIST, DHS, CBP)
- Assess Tools Integration – Assure current and recommended tools to continually protect ECIS assets from internal and external threat actors.
- Assure infusion of security controls and practices within the ECIS ecosystem
- Oversee Vulnerability Management – security configuration management, patch management
- Operation of security infrastructure – certificate authorities, scanning infrastructure, log archive infrastructure
- Lead Offensive/Defensive Security operations
- Governance – Interface with DHS/CBP customer to continually evolve policy and compliance.
- Incident Response – Interface with DHS/CBP Security Operations Center.
- Risk Management Framework activity support
- Support and perform security audits as recommended.
- Security Engineering: Support integration of new or updated applications in the environment
- Support integration of new security services and tools into the environment
The IT asset scope can vary by customer to include end user devices (workstations, mobile devices), on premise infrastructure (servers, network devices, storage), cloud services, SaaS, PaaS and IaaS. The security team generally utilizes security tools to manage the environment. The IT Security Manager should provide a pragmatic approach to IT security, balancing operational needs and resources with compliance requirements. The IT Security Manager will interface directly with Leidos and customer senior leadership as well as staff across ECIS and adjoining programs.
- U.S. Citizenship
- Bachelor’s degree and 12 years prior relevant experience or Master’s degree and 10 years prior relevant experience
- Communications: ability to clearly develop and articulate plans, issues, and status to senior leadership and working staff.
- Experience with offensive and defensive cyber operations (cloud agnostic)
- Experience with NIST, FISMA, FedRAMP and relevant cloud security policies and methods
- Experience with Security tools to thwart internal and external threat actors
- Ability to interface with Security Operations Center
- Ability to establish effective working relationships with customers, team mates, and external partners and interfaces.
- Broad IT operations and application experience
- Operations management: utilize IT operations and procedures to meet SLAs, performance and compliance measurements.
- Evolve procedures for increase effectiveness / efficiency and adapt to changing IT landscape (e.g. cloud migration, increasing mobile workforce, edge computing)
- Systems Integration: experience integrating and debugging IT systems and applications.
- Ability to develop and execute plans to implement new procedures and capabilities.
- System security approval and Risk Management Framework: experience managing systems through approval and continuous monitoring.
- Security tools and technology: working familiarity with implementation and management of a range of security technology: Network design, network security, and network security appliances; security assessment and scanning tools (OS, database, application level); system hardening implementation and compliance; network and application security monitoring and system auditing.
- People management: team performance management, staffing; ability to multiplex across multiple concurrent customers and tasks.
IT Technology – working knowledge in the implementation and operations of:
- Master's Degree in Engineering, Information Technology, Computer Science, Information Systems, or related field.
- Emerging cloud technology (containers) Identity management, active directory, federated identity, certificate management, privileged access management
- Operating systems security features: Windows (all flavors), Linux, IOS
- Fundamental knowledge of cloud (AWS, Azure, Google) security services.
- IT Security policies and procedures: familiarity and ability to research and facilitate compliance with NIST, OMB, DHS, CBP security policies and procedures
- SOC operations: general understanding of current and evolving state of practice for SOC operations (operations, threat hunting, intelligence integration)
- SecDevOps, Security software engineering: experience working with IT teams to ensure security concerns are incorporated in program activities
- Security tools and technology: working knowledge of Tenable Security Center, DHS SPDR, Splunk, Continuous Diagnostic Monitoring Tools
- System accreditation tools: direct experience with one or more system accreditation management tools (CSAM, Xacta, Risk Vision)
- Certifications: one or more security related certifications: e.g. CISSP, CEH, ISSEP, ISSAP
- Familiarity with Zero Trust and other modern security models
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:Other Clearance
Travel:Yes, 25% of the time
Scheduled Weekly Hours:40
Job Family:Information Assurance
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 38,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $11.09 billion for the fiscal year ended January 3, 2020. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.