Security Administrator ( R-00054731 )
Keeping sensitive law enforcement and intelligence data secure is a key mission for the FBI. We are seeking a candidate to support the FBI’s cross domain system (CDS) that facilitates secure access to sensitive data. The candidate will join a small team charged that is responsible for providing Engineering and Operations & Maintenance support on existing CDS systems. Primarily the candidate will be responsible for security administration activities on existing CDS systems. This includes performing security scans of systems in accordance with cybersecurity and information management best practices and developing a plan of actions based on the results. Additionally, you will develop and execute Government approved security policies, plans, and procedures. The candidate will have significant direct contact with the immediate customer and the organization’s CDS staff.
Specific duties include but not limited to such tasks as:
- Provide broad based experience in the systems engineering lifecycle and apply the experience to specific cyber security initiatives relating to architectural design and development.
- Perform security assessment and risk analysis including log auditing and vulnerability scanning results.
- Participate in the operating system and application hardening consistent with the current status of cyber security regulations and existing Authority to Operate (ATO) requirements.
- Apply cyber security standards, directives, guidance and policies to an architectural framework.
- Participate in program standup meetings to discuss system status, technical issues, or coordinate production system changes.
- Serve as the primary interface to the client and senior management on all matters pertaining to information assurance
- Evaluate new strategies, technologies, and upgrades; assess security implications; and recommend best approach for the enterprise
- Provide IA guidance for development of Business Continuity Plan, Business Impact Analysis (BIA), Disaster Recovery Plan, and System Security Plan,
- Ensure all IA review items are tracked and reported
- Follow change management process including creating required change management documentation
- Must possess an active Top Secret Clearance
- Security Administration experience demonstrated in a large complex enterprise environment.
- Experience conducting system vulnerability scans.
- Experience with system audits, which may include experience conducting system audits, reviewing system audit logs, OR security audit events.
- Ability to respond and assists in resolving security incident tickets within priority response times.
- Demonstrates good judgement and written/verbal communications.
- A team player with organization skills, can follow written instructions or technical guides, and the ability to prioritize tasks.
- Ability to work independently as the only Leidos Security Administrator representative working directly with customer IT team.
- BS degree and 2 – 4 years of prior relevant experience
A qualified candidate does not need to possess any of these skills, but experience in any of these areas will be beneficial in setting the candidate apart.
- CISSP certification
- Experience coordinating testing, documenting, and achieving accreditation of systems and achieving operational acceptance.
- Experience performing security assessment and risk analysis including log auditing and vulnerability scanning and mitigation of findings and remediation of findings.
- Experience with Federal Information System Management Act (FISMA) reporting, other information assurance assurance-related compliance reporting and applicable NIST and CNSS IA directives, instructions, guidelines.
- Experience with current cyber and Risk Management Framework (RMF) protocols to complex server, network and interconnected systems to resolve and satisfy the conditions necessary to achieve an Authority to Operate (ATO).
- Experience investigating computer and information security incidents to determine extent of compromise to information and automated information systems.
- Experience working with one or more cross domain products (guards, one-way transfers, multi-level access solutions).
- Experience as a Linux Systems Administrator.
- Experience or good understanding of network appliances (router, firewall, etc)
- Small scale development of script level routines: languages (shell script, Perl)
- Understanding of or experience in systems and network administration in a large enterprise IT environment.
- Experience with system hardening (STIGS).