Cybersecurity Authorization Services ISSO

Leidos

United States · Remote
Posted 6+ months ago

More About the Role:
Leidos is seeking a Cybersecurity Authorization Services (CAS) Information System Security Officer (ISSO) to support the Service Management, Integration, and Transport (SMIT) contract, the largest IT services program for the Navy. Under SMIT, the Leidos team delivers the core backbone of the Navy-Marine Corps Intranet (NMCI), including areas such as cybersecurity services, network operations, service desk, voice & video, messaging & mobility, and data transport. The Leidos team supports the Navy in unifying its shore-based networks and data management to improve capability and service while also striving for cost efficiencies and savings by focusing efforts under one enterprise network. The successful candidate will support the Naval Enterprise Networks (NEN) Development and Baseline Labs.

The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)), and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk. As part of this process, the ISSO performs testing and security assessments to sustain required accreditations. The ISSO promotes the use of secure hardware and software within the systems affected by government and corporate approval standards. The ISSO works to ensure all required security policies and practices are effectively applied to systems and ensures security controls implementing these policies are applied and achieve the proper levels of confidentiality, integrity, availability, and privacy protection throughout the system life cycle.

The ISSO also assists with the execution, analysis, and remediation activities for the vulnerability management program (scanning, assessment, reporting, and mitigation verification) that spans both the Dev and Baseline labs using the Nessus and Tenable-ACAS vulnerability scanning tools.

Primary Responsibilities:
• Assist with the initial effort to obtain, and the continued sustainment of, the NEN Baseline Lab RMF authorization.
• Provide support for implementing and enforcing information systems security policies, standards, and methodologies.
• Assist in the evaluation of security solutions to ensure they meet security requirements for processing multiple types of information.
• Assist with the Configuration Management for information system security software, hardware, and firmware.
• Evaluate security solutions to ensure they meet security requirements for processing information.
• Maintain operational security posture for information systems.
• Work with engineering DevOps staff to ensure security artifacts are being collected and analyzed in a timely manner.

What You'll Get to Do:
• Obtain and then maintain the Authorization to Operate (ATO) for the NEN Lab.
• Provide support for implementing and enforcing information systems security policies, standards, and methodologies.
• Assist in the evaluation of security solutions to ensure they meet security requirements for processing multiple types of information.
• Work with engineers and ISSEs in support of Agile sprints for new solutions to ensure they meet DoD and Navy security requirements.
• Maintain the operational security posture of the NEN Lab.
• Act as the Vulnerability Remediation Coordinator for the NEN Lab as part of the vulnerability management program. This includes pulling patches from the DoD Patch Repository, performing post-remediation ACAS and STIG checklist scans to verify remediation, and generating reports on vulnerability status.
• Administer and maintain the NEN Lab ACAS solution. This includes routine plugin updates and patches for all components of the ACAS solution.
• Develop and execute required weekly and monthly ACAS scans according to DoD and Navy policies.
• Conduct required STIG checklist scans for all hardware, software, and virtual systems using Evaluate STIG and create collections in STIG Manager as necessary.
• In support of engineering projects, provide pre- and post-development/test ACAS scans and STIG checklists, review and analyze results, and support engineering with remediations.
• Maintain in-depth knowledge of DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).

You'll Bring These Qualifications:
• Typically requires a BA/BS Degree or equivalent experience and 12-15 years of prior relevant experience or Master's with 10-13 years of prior relevant experience (in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or related discipline from an accredited college or university). Generally, has 4+ years of experience supervising or leading teams or projects.
• Must be a U.S. Citizen and possess an active Secret clearance to start the program.
• Technical knowledge and skills in one of the following areas: cybersecurity assessment, vulnerability scanning, integration and testing, data analytics or security operations.
• Understanding of DevOps methodologies and workflows to include Agile and DevSecOps concepts and best practices.
• In-depth knowledge of cybersecurity assessment and authorization (A&A) ISSE services and associated processes, procedures, and activities in accordance with DoDID 8500.01, DoDI 8551.01, and other applicable NIST instructions and guidelines.
• Utilize security tools, such as eMASS, Tenable Nessus/ACAS, Evaluate STIG, eMASSter, STIG Viewer, and other automated tools to evaluate and produce assessment results.
• Experience supporting the formal Cybersecurity/IA testing required by government authorization authorities and preparing System Security Plans.
• Technical understanding of supporting security initiatives, conducting security monitoring, reporting and maintaining security compliance following security regulations and policies.
• Experience with Security Engineering and Architecture, Certification and Accreditation, Vulnerability Assessment, Incident Management, Vulnerability Management, Security Operations, and Policy and Program Development.
• Motivated self-starter with the ability to lead and work in a matrix organization and communicate effectively with peers, subordinates and program leadership.
• Ability to multi-task and self-assign work in a dynamic, fast-paced environment.
• Exceptional communication abilities, both verbal and written, including business writing on complex topics.
• Lead cybersecurity tasks and collaborate with customers, stakeholders, and team members.
• Experience and ability to successfully negotiate and influence others to understand and accept new concepts, practices and approaches.
• Strong analytical, communication and troubleshooting skills that enable proactive and effective collaboration with a virtual team, including the ability to clearly articulate status and present to both customers and program leadership.
• Mentor and review the work of junior team members.
• Travel may be required.

These Qualifications Would be Nice to Have:
• Hold an active security certification that meets DOD 8570 IAT level III, such as CISSP.
• Prior experience managing remote employees and teleworkers.
• Prior experience with Navy customer and mission partner set.
• Certifications:
  - CISSP.
  - ITIL.
  - PMP.
  - Navy Qualified Validator certification a plus.

Original Posting Date:

2024-08-27

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $122,200.00 - $220,900.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.