To our valued Leidos candidates:

Coronavirus is on everyone's mind with the effects being felt around the world. The markets are volatile, and we're all concerned for the health and safety of our families, friends, and colleagues. Please know that we're taking all necessary measures to safeguard our employees, customers and the communities in which we live, including following all recommended best practices around social distancing.

With that in mind, in an abundance of caution, we are canceling all face to face career events, such as job fairs and open house events. In the coming days and weeks, we will be hosting career events virtually, using our online chat tools so that we may continue our hiring practice safely and securely. You can find available virtual career events at https://career-events.leidos.com.

We are using telephone meetings and online chats via Brazen to conduct interviews and hiring discussions, and we are offering options for video interviews so that you can have a virtual face to face meeting with your potential new leader. We do not conduct interviews or extend offers via text or chat based social media, such as WhatsApp or MySpace.

Leidos will never ask you to provide payment-related information at any part of the employment application process, nor will Leidos ever advance money as part of the hiring process. And Leidos will communicate with you only through emails that are generated by Leidos.com automated system. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to Chris Scalia, Leidos’ Senior Vice President of Talent Acquisition, at [email protected].

As a company, as a country, as a world, we have confronted challenging moments before. We are confident that, guided by our values and the strength of our community as well as the commitment we have to the important work we do each day, we will find our way through this time together. We will do this with the care and concern for one another and the common good that defines. Please keep those impacted by the virus in your thoughts.

Close Window
Join our talent network

Job #: R-00074875
Location: Suitland, MD
Category: Systems Administration
Schedule (FT/PT): Full Time
Travel Required: Yes, 10% of the time
Shift: Day
Potential for Telework: No
Clearance: Top Secret/SCI
Referral Eligibility: Eligible
Referral Bonus Amount: $5,000
Group: Defense

Share: mail twitter linkedin

Description

Job Description:

Looking for an opportunity to make an impact?


At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.

Are your ready for your next challenge?


We are in search for a Linux System Administrator  - Active TS/SCI Required to work at our customer site at the National Maritime Intelligence Center, Suitland, MD. In this role you will provide operations, engineering, and technical support services and associated supplies to support certain AWS resources, Red Hat Enterprise Linux servers, Splunk software, Python scripting language, REGEX parsing, and .xml presentation format development, architecture, administration, and Risk Management Framework (RMF) requirements and operations of the Hopper ISC CYBERDEP Security Information Event Management and NAVINTEL Enterprise Audit Capability (SIEM/NEAP).  

THE MISSION

The Hopper Information Services Center (ISC) is an IT service provider for the Office of Naval Intelligence (ONI) and for 70+ Navy Intelligence Community (IC) ashore organizations across the globe with the mission to deploy and operate classified information systems, networks, communications systems, and cybersecurity capabilities.  Within Hopper ISC, the Cybersecurity Department (CYBRDEP) is comprised of four divisions (Defensive Cybersecurity Operations [N62], Cybersecurity Mission Operations [N63], Assessment & Validation [N64], and Cybersecurity Engineering [N66]), and these divisions collectively secure, protect, assess, and monitor fielded Information Technology (IT) capabilities against a full range of internal and external threats.  

Security Information Event Management (SIEM) platforms support threat detection, compliance, and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources. The core capabilities are a broad scope of log event collection and management, the ability to analyze log events and other data across disparate sources, and operational capabilities (such as incident management, dashboards, and reporting). Enterprise Audit is an activity that “provides authorized personnel with the ability to review and examine any action that can potentially cause access to, generation of, or affect the release of classified or sensitive information.”  

If this sounds like the kind of environment where you can thrive, keep reading!

THE CHALLENGE 

* Provide assistance and direction to the Hopper Information Services Center in deploying, developing, maintaining, operating, administering, and supporting the technology capable of SIEM ingest and display as well as automating auditing in accordance with ICS-500-27 to identify, record, and report anomalous user activities that might be indicative of potential compromises of classified or sensitive information.

* Act as the subject matter expert (SME) In a System Administration capacity and participate in meetings, working groups, system demonstrations, and conferences in support of the effort. Consider and present various alternatives for implementation including identification and prioritization of resource requirements, the cost for additional tools, timeframe for implementation, and risks.

* Coordinate across IT domains and multiple teams (internal and external) and influence Hopper ISC regarding solution design, process and/or approaches to ensuring all SIEM and EAC systems are up-to-date, working efficiently and ensure all mission requirements are met.

* Build, configure, implement, develop, and maintain the NAVINTEL Enterprise Audit Capability (EAC), which currently consists of Splunk Enterprise, Splunk Enterprise Security, and a Filtered Audit Data (FAD) Distribution Point (DP) to support both the transmitting and receiving of audit data to and from the EAC.

* Perform upgrades, performance tuning, configuration management and on-going operations and maintenance of the EAC to ensure effectiveness, health, performance, security, scalability, and proper ingest of pertinent log information from all NAVINTEL endpoints.

* Provide documentation to support the design, development, integration, configuration, installation, administration, operations, security assessment, and authorization, and disaster recovery of the EAC.

* Provide support in the Assessment and Authorization (A&A – formerly C&A) of the Enterprise Audit hardware and software.  

* Participate in meetings, working groups, system demonstrations, and conferences in support of the effort. This includes the monthly Intelligence Community Audit Subcommittee (ICAS) and meetings/correspondence with Program of Record stakeholders/system administrators to get their data ingested properly.

* Provide analysis and assessment results to the Government and make recommendations to resolve identified discrepancies, evaluating existing rule sets, and tuning, modifying, or developing existent/new search/dashboard/rule sets to achieve program objectives.

* Build, configure, implement, develop, and maintain *NIX servers to support the EAC. This includes a number of distributed Splunk Search Heads, Indexers, Cluster Master, Forwarders, Heavy Forwarders, Licensing Server, Deployment Server, and ITS server.

* Build, configure, implement, develop, and maintain all servers and related infrastructure within Amazon Web Services (AWS) by utilizing the AWS console. This includes a number of Elastic Compute Cloud (EC2s), Elastic Block Storage (EBS), Simple Storage Service buckets, etc. to include monitoring the AWS burn rate and advise the Government on configuration changes to ensure that the expenditure does not exceed the amount budgeted.

* Develop and maintain project schedules and Plan of Actions and Milestones (POA&M) to support the system lifecycle activities in this effort and those, as required, for the NAVINTEL Information Assurance (IA) Program as a whole such as answers to security controls for RMF documentation.


MINIMUM QUALIFICATIONS 

*Active DoD TS/SCI clearance 

*Active CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP certification 

*An OS-specific (Linux) administration certification

*12+ yrs of systems administration experience 

*10+ years experience in the installation, implementation, configuration, testing (functional and security), operations, maintenance and patching of Red Hat Enterprise Linux (RHEL) Operating Systems (OS).

*10+ years of experience in complex pattern matching with REGEX and writing and implementing scripts to automate tasks within Linux systems, Python preferred.

*5+ years AWS console experience, including creating AMI/EC2s; managing snapshots; cloning systems from snapshots; managing EBS, S3, and Glacier volumes; start/stop/restarting instances, etc. 

*5+ years experience in the architecture design, installation, configuration, testing (functional and security) and administration of Splunk Enterprise and Enterprise Security software, Add-Ons, Apps, and other components.

*Experience with integrating information and information transport systems and data sources.

*Experience in scripting the parsing and movement of log data to and from encoded .xml files to Splunk indexers utilizing REGEX functions and cron jobs.

*Experience in generating system health and performance reports, and briefing other team members and/or senior management on findings with recommendations for resolution.

*Experience in continuous monitoring and the Risk Management Framework, creating documents for the RMF body of evidence such as System Security Plans, answers to security controls and POA&Ms, running SCAP scans, etc.)

*Experience in the development of technical system installation and administration documentation as well as operator manuals.

*Experience in the development of architecture diagrams utilizing diagramming software such as Microsoft Visio.


  


 

Pay Range:

Covid Guidance

In order to enter Leidos facilities in the U.S. and to attend Leidos events outside our facilities, employees are required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry. In addition, we are receiving guidance from certain customers that onsite contractor personnel will need to be fully vaccinated to access customer facilities. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC. 

About Leidos

Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $13.7 billion for the fiscal year ended December 31, 2021. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.

   Save Job Saved

Talent Community

Join our Talent Community to create a profile, enabling a streamlined application process and to help our recruiters better understand your areas of expertise and interest.

Join our Talent Community