LEAF Security Engineer ( R-00052098 )
The Office of Technology (OOT) at Leidos has an immediate opening for a Security Engineer to help us shape, develop, and deliver new software solutions leveraging state-of-the art technologies to our customers and launch new products and capabilities. The successful candidate will be organized, diligent and able to work successfully individually and in teams. The security engineer will provide security engineering support in accordance with Leidos and customer security mandates, policies, standards, and procedures. This includes security services components as they apply to hardware and software. The security engineer will provide security engineering support to: develop and maintain a flexible security architecture; provide protection from unauthorized use of, or access to, the networked assets; and protect all data residing on the network from intrusion, destruction, or compromise. You will work with internal and external stockholders to design, build, secure, harden and deploy complex enterprise microservice based solutions.
•Assess the current security architecture and deliver improvement recommendations.
•Develop and deliver plans that improve security to physical and logical devices connected to the network.
•Develop and deliver recommendations for security assets refresh or upgrade on an annual basis.
•Develop and deliver recommendations for improved network security.
•Develop and deliver recommendations for policies to improve security vulnerability and penetration testing.
•Develop and deliver plans for Security Services asset updates or patches.
•Design, test, and support implementation of the approved security architecture improvements.
•Design and support implementation of monitoring and managing access plans.
•Design, test, and support implementation of plans to secure network attached devices.
•Design and support implementation of approved recommendations for improving network security.
•Design and support implementation of approved policies for security vulnerability and penetration testing.
•Design, drive, and conduct security vulnerability scanning and remediation activities.
•Design, test, and support implementation of updates or patches approved for security services assets.
•Develop a familiarity with all necessary families of controls and security policies
•Create and maintain Monitoring schedules of the Cloud Environments using external tools such as Trend Micro Deep Security and Qualys Vulnerability Management Platforms.
•Assist in the building and securing architectures in Amazon Web Services (AWS) utilizing services such as EC2, Identity and Access Management (IAM), and Amazon’s Elastic Kubernetes Service (EKS)
•Provide security guidance and interpretation of DISA STIGs and CIS Hardening Guides for implementing development and testing infrastructure securely utilizing technologies such as Docker, Kubernetes, and Amazon Web Services (AWS)
•BS and 4 – 8 years of prior relevant experience or Masters with 2 – 6 years of prior relevant experience. Experience may be substituted in lieu of degree.
•Must be able to obtain a DoD Secret Security Clearance
•Ability to complete tasking independently with minimal direct supervision
•Ability to work and collaborate effectively within a multi-disciplined engineering team.
•Demonstrated proficiency with Unix shell scripting
•Demonstrated proficiency in at least one high-level programming language (Java, C#, Go, Python)
•Demonstrated proficiency with NIST 800-171 Family of Controls
•Demonstrated proficiency with NIST 800-53 Family of Controls
•Demonstrated proficiency with FedRAMP Security Policies & Requirements
•Demonstrated proficiency with at least one Code Analysis tool (Findbugs, Coverity, HP Fortify, OWASP Dependency Check, etc.)
•Demonstrated proficiency with at least one Penetration Testing tool (Wireshark, nmap, Kali Linux)
•Demonstrated proficiency with multiple operating systems (Mac OSX, Windows, and LINUX)
•Experience working with a version control system (e.g., Git)
•Experience working with CI/CD processes and tools (Jenkins)
•Experience working with virtualization technologies (VMWare and VirtualBox)
•Experience working with the Atlassian toolset
•Experience working with AWS
•Experience working with Azure
•Experience working with Trend Micro
•Experience working with OWASP Dependency Check and/or Dependency Track
•Experience working with containers and container orchestration tools such as Kubernetes
•Experience with DFARS protocols
•Experience working with HIPAA Security Rules
•Experience with HiTrust qualifications
•Experience with FISMA qualifications
•Experience developing and maintaining policies and plans such as: Information Security Policies (ISPs), System Security Plans (SSPs), Business Continuity and Disaster Recovery (BCDR) plans, etc.
•Experience with tools such as SPAWAR’s SCAP Compliance Checker and OpenSCAP
•Experience performing security audits and assessments
•Experience with scanning systems for patch compliance using tools such as ACAS/Nessus