An experienced Information Assurance professional with lead experience is needed to help organize, document and assess the system security of multiple applications following our HHS customer’s system accreditation and authorization (SA&A) processes.
Responsibilities include performing information security risk assessments in accordance with the NIST Risk Management Framework tailored for HHS and NIH applications, assess the effectiveness of internal security controls, participate in the SDLC, provide risk assessment advisory (understanding best practices such as secure coding, application security architecture, etc.), and support FISMA audit requirements including documenting the system security plan, security controls, contingency plans, and related tests.
The successful Cyber Security Analyst will maintain knowledge of security and privacy law/directives/regulations, industry best practices related to information assurance, changes in technology, and advise Leidos management on the potential impact while serving as a Security technical liaison to the customer and development teams. The Cyber Security Analyst will follow best practices in vulnerability management including scanning, assessment, reporting, and mitigation verification.
The Cyber Security Analyst will support the development and tracking of Plan of Action & Milestones (POA&Ms) when vulnerabilities are identified and conduct application scanning analysis and mitigation tracking. This includes providing inputs to the program management staff for regular status, metrics and issue reporting.
- Manage and enforce customer security policies
- Conduct security and risk assessments of Leidos maintained applications using NIST security frameworks and related documents
- Mitigate risk via security controls
- Ensure privacy of data throughout its lifecycle
- Document contingency plans, business continuity and disaster recovery
- Communicate with internal team members across multiple areas as well as customer team member.
- Communicate with parties external to the organization (e.g., sub-contractors, vendors, etc.).
- Support project/team leaders regarding solution design, process and/or approaches
- Bachelor’s Degree or equivalent with 8+ years of experience managing the cyber security efforts at US Federal agencies
- Certified Information Systems Security Professional (CISSP) - (ISC)2
- Demonstrated organizational and communication skills
- Demonstrated experience in documenting information system security plans, contingency plans and POA&Ms
- Excellent problem-solving abilities and regularly employs ingenuity and creativity to develop new technical solutions and systems in order to achieve functional objectives
Effective October 1, in order to enter Leidos facilities in the US and to attend Leidos business events outside our facilities, employees will be required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry. Effective January 18, 2022, all Leidos employees must be fully vaccinated (2 weeks past final dose) unless they are entitled to a legal accommodation. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC.
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.