To our valued Leidos candidates:

Coronavirus is on everyone's mind with the effects being felt around the world. The markets are volatile, and we're all concerned for the health and safety of our families, friends, and colleagues. Please know that we're taking all necessary measures to safeguard our employees, customers and the communities in which we live, including following all recommended best practices around social distancing.

With that in mind, in an abundance of caution, we are canceling all face to face career events, such as job fairs and open house events. In the coming days and weeks, we will be hosting career events virtually, using our online chat tools so that we may continue our hiring practice safely and securely. You can find available virtual career events at https://career-events.leidos.com.

We are using telephone meetings and online chats via Brazen to conduct interviews and hiring discussions, and we are offering options for video interviews so that you can have a virtual face to face meeting with your potential new leader. We do not conduct interviews or extend offers via text or chat based social media, such as WhatsApp or MySpace.

Leidos will never ask you to provide payment-related information at any part of the employment application process, nor will Leidos ever advance money as part of the hiring process. Leidos will communicate with you only through emails that are generated by the Leidos.com automated system. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to Chris Scalia, Leidos’ Senior Vice President of Talent Acquisition, at [email protected].

As a company, as a country, as a world, we have confronted challenging moments before. We are confident that, guided by our values and the strength of our community as well as the commitment we have to the important work we do each day, we will find our way through this time together. We will do this with the care and concern for one another and the common good that defines. Please keep those impacted by the virus in your thoughts.


Job #: R-00060461
Location: Washington, DC
Category: Cyber Operations
Schedule (FT/PT): Full Time
Travel Required: No
Shift: Day
Potential for Telework: No
Clearance: None
Referral Eligibility: Eligible
Referral Bonus Amount: $5000
Group: Intelligence


Description

Job Description:

The DHS ICE SOC is responsible for the Information Security Vulnerability Management Program and the internal/external Vulnerability Assessment program. The VAT team will establish a program for use throughout ICE, complete vulnerability assessments, identify opportunities for improvement, and communicate recommended solutions for addressing vulnerabilities.

This position is located in Washington, DC or Chandler, AZ.

This position will proactively scan all devices on the ICE network per DHS Vulnerability Assessment Test policy requirements on a continuous basis for network and system vulnerabilities. This position will monitor the remediation status of the scan results and evaluate the scan results for accuracy and risk. This position will provide the analyzed results to the various responsible parties identified by the Government Task Monitor for resolution. This position will act as the subject matter expert (SME) for the scan results and consult with the remediation teams on various methods for resolution. This position will be responsible for the Vulnerability Exploit Test and “ad hoc” web application, database, and operating system targeted scan requests. Cyber Hygiene scanning will be performed based on the following:

Identify:

• Active hosts, operating system, ports, protocols and services

• Vulnerabilities and weaknesses

• Common configuration errors

• Improperly signed Domains

• Expired SSL Certificates.

Understand how systems and infrastructure appear to potential attackers:

• Vulnerabilities

• Mitigations

• Operating Systems

• Applications

Additionally, this position will support the Security Assurance Branch and/or Governance and Risk Management (GRM) in any vulnerability management-related activities.

• Manage ICE-wide Information Security Vulnerability Management (ISVM) compliance validation, Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE) assessments.

• Conduct, operate, and maintain assessments and the resulting Vulnerability Assessment (VA) data and reports.

• Perform regularly scheduled vulnerability assessments using a master schedule.

• Coordinate the VA testing in advance with the ICE Network Operations Center (NOC) and the DHS Enterprise SOC to assure coordination with network maintenance, availability, and operations.

• Coordinate with system owner/Information System Security Manager (ISSM)/Information Systems Security Officer (ISSO) for any necessary changes to the schedule.

• Use approved test procedures, information collection scripts, and VA tools that are CVE database compatible; the latest versions of tools with up-to-date lists of vulnerability checks; appropriate to DHS’s policies, requirements and technologies.

• Employ ad-hoc or emergency VA scanning to support targeted incident investigation, escalation and emergency response to security events in accordance with documented procedures.

• Additionally, the Contractor shall support the Security Assurance Branch and/or Governance and Risk Management (GRM) in any vulnerability management-related activities.

• Provide vulnerability assessment summary reports to the appropriate systems owner/ISSM/ISSO and document the findings.

• Archive VA data and reports.

• Conduct follow-on assessments to compare results, focus on differential findings, look for evidence of improvements or the lack thereof to report trends, determine the effectiveness of the mitigation strategy, and provide recommendations for changes in DHS policy or architecture.

• Provide automated reporting capabilities to input scanning results to report on findings at time of engagement.

This position will develop and provide, at the minimum, the following reporting deliverables and stated data elements:

• Scanning report to include:

• Date and time of scan

• Network segment(s) scanned

• Individual who performed/verified scan

• Risk/threat level associated with scan

• Roll up of scan results:

- Network map with scan coverage

- Network map with scanning results overlay

- Pie chart that describes overall scan results

• Remediation report to include:

• Repeat findings.

- The length of time the vulnerability has been tracked and not remediated

• Trending Information:

- Threat Level

- Sensitivity level of network segment; e.g. eGOV site

- The length of time the vulnerability has been identified, but not corrected

• Mitigation suggestions:

• Mitigation Recommendations

• Description

• Timeline.

Additionally, the Contractor shall support the Security Assurance Branch and/or Governance and Risk Management (GRM) in any vulnerability management-related activities.

Basic Qualifications:

  • Bachelor’s Degree AND 4 years security-related experience

  • Must have a current Secret clearance and have the ability to obtain a DHS EOD

  • Experience with industry accepted scanning tools, ad hoc and automated scanning

  • Ability to automate scanning

  • Experience with Information Security Vulnerability Management (ISVM) scans and compliance

External Referral Bonus: Eligible
External Referral Bonus $: 5000
Potential for Telework: No
Clearance Level Required: None
Travel: No
Scheduled Weekly Hours: 40
Shift: Day
Requisition Category: Professional
Job Family: Cyber Operations
Pay Range:

About Leidos

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 40,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
