Security Engineer (R-00082076-OTHLOC-PL-2D0468)
Leidos is looking for a Senior IT Security Engineer to provide leadership on a mission-critical program portfolio. The individual will oversee security compliance and processes for a portfolio of applications, and will ensure that critical security functions such as Authorization To Operate (ATO), control gates, and related tasks and deliverables are completed successfully and on schedule.
- Demonstrating hands-on experience with operating IT security / Information Assurance solutions in the context of Federal IT Security regulations and guidance such as NIST 800-53, NIST 800-37 and FIPS 199
- Supporting the adoption and/or implementation of Federal and national security and compliance standards and/or guidance.
- Providing support to programming code reviews, determining system performance specifications, identifying and resolving interoperability problems, developing requirements, determining parameters, and resolving conflicts between disparate technologies as they arise.
- Providing potential solutions to remediate issues while allowing systems to remain operational and compliant in a mission-first environment
- Contribute to, and take responsibility for parts of, cross-functional oversight of the development of new products and enhancements, and ensure best practices are being followed.
- Perform security and compliance analysis and activities, across products and/or teams within a portfolio, including requirements analysis
- Lead security and compliance assessments and evaluations pertaining to specific application and subsystems.
- Executing tasks, monitoring product delivery and work assignments.
- Develop and provide metrics and reporting to demonstrate application compliance.
- Perform vulnerability assessment and development and track mitigations.
- Assist portfolio management with technical direction and prioritization of the development backlog
- Ability to manage multiple high visibility security projects and adjust to quick shifts in customer priorities while meeting all mission requirements.
- Provide mentoring and training to other team members on security guidance, technologies and processes.
- Supporting development and maintenance of applicable Continuity of Operations (COOP) Plans, Business Impact Analyses (BIA), Business Continuity Plans (BCPs), and Disaster Recovery Plans (DRPs).
- Experience leading projects.
- Experience in one or more of the following areas is required:
- Demonstrated experience with NIST SP 800 series or equivalent series documents development and maintenance for information security management and risk assessment
- Demonstrated experience supporting and securing software development projects/programs to include Agile development and DevOps/SecDevOps
- Demonstrated experience with securing cloud services (AWS or Azure)
- Experience defining strategic governance for security management, defining quality metrics, and implementing repeatable processes
- Experience providing project management support, systems support, process improvement recommendations and product support documentation
- Ability to obtain a Customs and Border Protection Public Trust suitability determination
- U.S. Citizenship
- Requires a BS degree in IT, Computer Science, Information Systems, or a related field and 8+ years of prior relevant experience, or a Master's degree with 6+ years of prior relevant experience. Additional experience may be considered in lieu of a degree.
- At least five (5) years’ experience managing IT security
- Experience with DHS, CBP, OIT, Border Enforcement, Cloud Services (AWS/Azure), Cloud Migration, DevOps/SecDevOps, Containerization, micro services, and Software Development
- Strong analytical and organizational skills, with excellent written and verbal communication skills
- CASP or CSSLP
- Experience working with information security technologies (e.g., design, encryption, data protection, privilege access, identity and access management, incident management, risk management and auditing)
- Experience guiding peers, leaders, and decision makers on addressing complex security issues
- Experience with scanning and elevation tools (WebInspect, Fortify, JFrog Xray, SonarQube, Nessus, etc.) and GRC tools (RSA Archer)