To our valued Leidos candidates:

Coronavirus is on everyone's mind with the effects being felt around the world. The markets are volatile, and we're all concerned for the health and safety of our families, friends, and colleagues. Please know that we're taking all necessary measures to safeguard our employees, customers and the communities in which we live, including following all recommended best practices around social distancing.

With that in mind, in an abundance of caution, we are canceling all face to face career events, such as job fairs and open house events. In the coming days and weeks, we will be hosting career events virtually, using our online chat tools so that we may continue our hiring practice safely and securely. You can find available virtual career events at https://career-events.leidos.com.

We are using telephone meetings and online chats via Brazen to conduct interviews and hiring discussions, and we are offering options for video interviews so that you can have a virtual face to face meeting with your potential new leader. We do not conduct interviews or extend offers via text or chat based social media, such as WhatsApp or MySpace.

Leidos will never ask you to provide payment-related information at any part of the employment application process, nor will Leidos ever advance money as part of the hiring process. And Leidos will communicate with you only through emails that are generated by Leidos.com automated system. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to Chris Scalia, Leidos’ Senior Vice President of Talent Acquisition, at [email protected].

As a company, as a country, as a world, we have confronted challenging moments before. We are confident that, guided by our values and the strength of our community as well as the commitment we have to the important work we do each day, we will find our way through this time together. We will do this with the care and concern for one another and the common good that defines. Please keep those impacted by the virus in your thoughts.

Close Window
Join our talent network

Job #: R-00054357
Location: Huntsville, AL
Category: Information Assurance
Schedule (FT/PT): Full Time
Travel Required: Yes, 10% of the time
Shift: Day
Potential for Telework: No
Clearance: Public Trust
Referral Eligibility: Ineligible
Group: Civil

This job posting is no longer active.

Share: mail twitter linkedin

Description

Job Description:

This is an opportunity to support NASA and the End User Services Office (EUSO). In this mission we manage the primary infrastructure and core services. We operate, maintain, deploy, and manage an existing Government furnished systems. The candidate will support the Assessment and Authorization, Vulnerability Management, and Security Engineering. Provide analytical and technical security recommendations to the team, oversight boards, and customer. Meet with clients and management to help specify and negotiate application and system security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications to production.

What You'll Get to Do:

The successful candidate will manage the overall security related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles of NASA EUSO Systems. Will develop, maintain, and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems. Will conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance; document, organize, and implement security control requirements; identify current and new risks; and prepare vulnerability test plans and coordinate the testing and result procedures. Will conduct analysis of identified vulnerabilities and work with the teams to coordinate mitigation actions. Oversee all the POA&Ms and RBD’s identified for the end user services office and ensuring compliance and actions are reported. Ensuring the proper NIST Guidelines for each system component are applied; register the system in the NASA Assessment tool RISCS to support the Risk Management Framework (RMF) process. Lead a team of Cybersecurity professionals for vulnerability management and help manage projects though the lifecycle.
 

•Support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on production and development networks.

•Provide professional security services for IA/Cybersecurity in accordance with US Government (USG) and NIST policies and guidelines.

•Provide the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.

•Assist with drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Plan of Action and Milestones (POA&M), and Federal Information Security Management Act (FISMA).

•Management of Plan of Action and Milestones (POA&Ms) to completion through the vulnerability management lifecycle, while working with operations on solidifying a plan to mitigate according to NIST guidelines.

System and applications vulnerability assessment with tools such as Nessus, BigFix, SCCM, Jamf, Satellite, and the RISCS tools.

•Providing configuration management for security-relevant information system software.

•Contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations.

•Analyzes and documents results of security compliance & vulnerability scanning in order to identify vulnerabilities and coordinate associated remediation efforts

•Creates Security Test Plans in accordance with NIST 800-53 rev 4 standards

•Communicating with and working closely with System Engineering and operations teams to ensure that the hardware and software implementation meets the security requirements for processing classified information.

•Analyzing and assessing system implementation against multiple security compliance policies and evaluating the impact of new development.

•Developing technical solutions for security-related vulnerabilities using solid security standards and best practices.

•Evaluating, reviewing, and/or testing security-critical software.

•Auditing and assessing system security policies and configuration settings.

You'll Bring These Qualifications:

•A BA/BS degree and 8-12 years of prior relevant experience

•Must have a minimum of five (5) experience working in an IT environment similar in size (or larger) and scope to this task order.

•Must have a minimum of 5 (5) working knowledge of large, complex IT environments.

•Experience meeting with clients and management to specify and negotiate application security requirement, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of application to production.

•Experienced in providing risk analysis for vulnerabilities, incidents and change request.

•Experienced in being an active member in technical workgroups to recommend effective security configurations and architecture.

•Experienced in developing documentation to support ongoing security systems operations, maintenance and specific problem resolution.

•Ability for oral and written communications with the highest level of management.

•Ability for oral and written communications with the highest level of management.

These Qualifications Would be Nice to Have:

•7+ years of experience in IA/Cybersecurity.

•Security certificates such as CISSP, CISM, GSLC, or CASP.

•Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development.

•Experience complying with USG and NIST regulations and preparing for responding to information security audits and questionnaires.

•Understanding of related information technology (e.g. firewalls, VPN, virtualization, DLP, etc) and physical security assets.

•Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.

•Experience with UNIX/LINUX OS and any scripting language.

•Experience working with IDS/IPS and processes.

External Referral Bonus:

Ineligible

Potential for Telework:

No

Clearance Level Required:

Public Trust

Travel:

Yes, 10% of the time

Scheduled Weekly Hours:

40

Shift:

Day

Requisition Category:

Professional

Job Family:

Information Assurance

Pay Range:

About Leidos

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 40,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.

This job posting is no longer active.

Talent Community

Join our Talent Community to create a profile, enabling a streamlined application process and to help our recruiters better understand your areas of expertise and interest.

Join our Talent Community