To our valued Leidos candidates:

Coronavirus is on everyone's mind with the effects being felt around the world. The markets are volatile, and we're all concerned for the health and safety of our families, friends, and colleagues. Please know that we're taking all necessary measures to safeguard our employees, customers and the communities in which we live, including following all recommended best practices around social distancing.

With that in mind, in an abundance of caution, we are canceling all face-to-face career events, such as job fairs and open house events. In the coming days and weeks, we will be hosting career events virtually, using our online chat tools so that we may continue our hiring practice safely and securely. You can find available virtual career events at https://career-events.leidos.com.

We are using telephone meetings and online chats via Brazen to conduct interviews and hiring discussions, and we are offering options for video interviews so that you can have a virtual face-to-face meeting with your potential new leader. We do not conduct interviews or extend offers via text- or chat-based social media, such as WhatsApp or MySpace.

Leidos will never ask you to provide payment-related information at any part of the employment application process, nor will Leidos ever advance money as part of the hiring process. Leidos will communicate with you only through emails that are generated by the Leidos.com automated system. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to Chris Scalia, Leidos’ Senior Vice President of Talent Acquisition, at [email protected].

As a company, as a country, as a world, we have confronted challenging moments before. We are confident that, guided by our values and the strength of our community as well as the commitment we have to the important work we do each day, we will find our way through this time together. We will do this with the care and concern for one another and the common good that defines. Please keep those impacted by the virus in your thoughts.


Job #: R-00069711
Location: Gaithersburg, MD
Category: Information Assurance
Schedule (FT/PT): Full Time
Travel Required: No
Shift: Day
Potential for Telework: No
Clearance: Top Secret/SCI
Referral Eligibility: Eligible
Referral Bonus Amount: $5000
Group: Intelligence


Description

Job Description:

Leidos has a career opening for an Information System Security Officer (ISSO) on the Sustainment Analysis Services (SAS) contract located in Gaithersburg, MD. The ISSO will be responsible for managing the authorizations and risks related to the processing, storage, and transmission of information in the ~12 systems and SAS program labs that make up the SAS portfolio.  The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands.  The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices.

The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)) and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk. As part of this process, the ISSO performs testing and assessments to sustain required accreditations. The ISSO promotes the use of secure hardware and software within SAS systems affected by government and corporate approval standards. The ISSO works to ensure all required security policies and practices are effectively applied to SAS systems and ensures that the security controls implementing these policies are applied and achieve the proper levels of confidentiality, integrity, availability and privacy protection throughout the system life cycle.

The SAS ISSO also assists with the execution, analysis, and remediation activities for the SAS vulnerability management program (scanning, assessment, reporting, and mitigation verification) that spans 12 different accreditation entities (SAS programs), 3 distinct classification domain enclaves (U), (S) and (TS), using the Nessus and Tenable-ACAS vulnerability scanning tools.   

The ISSO also serves in other key security support roles performing duties as a Data Transfer Officer (DTO), and Courier.

Primary Responsibilities:

  • Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals and business results
  • Authors security documentation and must be able to respond quickly to needs for it, especially System Security Plans; Plans of Action and Milestones (POA&Ms); Security Impact Determinations (proposed system changes); and Concepts of Operations that identify and explain how each SAS system satisfies its assigned security control baselines
  • Maintains the configuration records related to ~12 system security plans in the customer Service+ (ServiceNow), the XACTA-360 platform, and Leidos-CIO security tools
  • Drives necessary security changes through steering groups and control (review) boards to meet Risk Management milestones
  • Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer or Leidos security requirements and meet due diligence responsibilities.
  • Provides guidance and engages the SAS program lab team to implement secure software and hardware processes and apply government security standards and commercial best security practices
  • Resolves highly complex problems by applying technical knowledge, conceptualizing, reasoning and interpretation
  • Is comfortable communicating with Leidos and NGA leadership (internal or client) regarding matters of significant importance to the organization/project
  • Has in-depth understanding of information security technical principles, theories, concepts and their application across a range of programs
  • Develops/maintains security documentation per NGA/IC/DoD-DISA/NIST/Industry standards and policies
  • Coordinates all A&A initiation and renewal activities working with the NGA Designated Authorization Officials (DAO or DAOR)
  • Addresses any Information Assurance or Cybersecurity notices, orders, tasking, or directives as required following the NGA operations vulnerability and patch management processes
  • Performs security audits and assessments – creates, tracks, and helps resolve Plan of Action and Milestones (POA&Ms)
  • Coordinates with System Administrators and others to remediate all vulnerabilities and report results. For any open vulnerabilities, documents them, obtains approval, and manages POA&M status
  • Updates Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan
  • Manages security profile and implementation for SAS systems and services slated for Certification and Accreditation (C&A)
  • Works with the Systems Engineers, Senior ISSO, ISSMs, SAS Lab Team and, when required, Leidos Corporate Security to develop and maintain security plans and associated documentation
  • Maintains records and documentation on program IT systems, upgrades, patches, and connectivity configurations
  • Evaluates security solutions and implementation strategies for program IT systems and services and maintains operational security posture of development, integration, and deployed capabilities
  • Trains and approves user access and IAA (identification, authorization, and authentication) mechanisms for information systems.

Basic Qualifications:

  • BS degree and 12 to 15 years of prior relevant experience in order to operate within the scope of responsibilities
  • Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification
  • Practical experience understanding and applying the ICD-503 risk management framework is desired
  • Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus; Splunk
  • NGA experience desired.

Preferred Qualifications:

  • Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product
  • Intelligence Community Experience preferred
  • Active TS-SCI clearance

Pay Range:

COVID Response

Effective October 1, in order to enter Leidos facilities in the US and to attend Leidos business events outside our facilities, employees will be required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry.  Effective January 18, 2022, all Leidos employees must be fully vaccinated (2 weeks past final dose) unless they are entitled to a legal accommodation. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC. 

About Leidos

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021.  For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.


Talent Community

Join our Talent Community to create a profile, enabling a streamlined application process and to help our recruiters better understand your areas of expertise and interest.
