Leidos has a career opening for an Information System Security Officer (ISSO) on the Sustainment for Analysis Services (SAS) contract located in Gaithersburg, MD. The ISSO will be responsible for managing the authorizations and risks related to the processing, storage, and transmission of information in the ~12 systems and SAS program labs that make up the SAS portfolio. The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands. The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices.
The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)) and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk. As part of this process, the ISSO performs testing and assessments to sustain required accreditations. The ISSO promotes the use of secure hardware and software within SAS systems affected by government and corporate approval standards. The ISSO works to ensure all required security policies and practices are effectively applied to SAS systems and ensures the security controls implementing these policies are applied and achieve the proper levels of confidentiality, integrity, availability, and privacy protection throughout the system life cycle.
The SAS ISSO also assists with the execution, analysis, and remediation activities for the SAS vulnerability management program (scanning, assessment, reporting, and mitigation verification), which spans 12 different accreditation entities (SAS programs) and 3 distinct classification domain enclaves, (U), (S), and (TS), using the Nessus and Tenable ACAS vulnerability scanning tools.
The ISSO also serves in other key security support roles, performing duties as a Data Transfer Officer (DTO) and Courier.
- Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals and business results
- Authors and must be able to quickly respond to needs for security documentation, especially System Security Plans, Plans of Actions and Milestones (POA&Ms); Security Impact Determinations (proposed system changes) and Concept of Operations that identify and explain how each SAS system satisfies its assigned security control baselines
- Maintains ~12 system security plans and related configuration records in customer Service+ (ServiceNow), the XACTA 360 platform, and Leidos CIO security tools
- Drives necessary security changes through steering groups and control (review) boards to meet Risk Management milestones
- Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer or Leidos security requirements and meet due diligence responsibilities
- Provides guidance and engages the SAS program lab team to implement secure software and hardware processes and apply government security standards and commercial best security practices
- Resolves highly complex problems by applying technical knowledge, conceptualizing, reasoning, and interpretation
- Comfortable communicating with Leidos and NGA leadership (internally or client) regarding matters of significant importance to the organization/project
- Has in-depth understanding of information security technical principles, theories, concepts and their application across a range of programs
- Develops/maintains security documentation per NGA/IC/DoD-DISA/NIST/Industry standards and policies
- Coordinates all A&A initiation and renewal activities working with the NGA Designated Authorization Officials (DAO or DAOR)
- Addresses any Information Assurance or Cybersecurity notices, orders, tasking, or directives as required following the NGA operations vulnerability and patch management processes
- Performs security audits and assessments – creates, tracks, and helps resolve Plan of Action and Milestones (POA&Ms)
- Coordinates with System Administrators and others to remediate all vulnerabilities and report results; for any open vulnerabilities, documents them, obtains approval, and manages POA&M status
- Updates Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan
- Manages security profile and implementation for SAS systems and services slated for Certification and Accreditation (C&A)
- Works with the Systems Engineers, Senior ISSO, ISSMs, SAS Lab Team, and Leidos Corporate Security, when required, to develop and maintain security plans and associated documentation
- Maintains records and documentation on program IT systems, upgrades, patches, and connectivity configurations
- Evaluates security solutions and implementation strategies for program IT systems and services and maintains operational security posture of development, integration, and deployed capabilities
- Trains and approves user access and IAA (identification, authorization, and authentication) mechanisms for information systems
- BS degree and 8 to 12 years of prior relevant experience in order to operate within the scope of responsibilities
- Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification
- Practical experience understanding and applying the ICD-503 risk management framework is desired
- Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus; SPLUNK
- Active TS-SCI clearance
- NGA experience desired
- Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product
- Intelligence Community experience preferred
Pay Range: $94,250.00 - $145,000.00 - $195,750.00
In order to enter Leidos facilities in the U.S. and to attend Leidos events outside our facilities, employees are required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry. In addition, we are receiving guidance from certain customers that onsite contractor personnel will need to be fully vaccinated to access customer facilities. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC.
Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $13.7 billion for the fiscal year ended December 31, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.
Securing Your Data
Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.