Job Details
Leidos
Cyber Security Analyst
Description
Job Description:
The Leidos Government Health and Safety Solutions Operation is seeking a Cyber Security Analyst supporting customers in Montgomery County, MD
An experienced Cyber Security Analyst is needed to help organize, document and assess the system security of multiple applications following our HHS customer’s system accreditation and authorization (SA&A) processes.
Responsibilities include performing information security risk assessments in accordance with the NIST Risk Management Framework tailored for HHS and NIH applications, assess the effectiveness of internal security controls, participate in the SDLC, provide risk assessment advisory (understanding best practices such as secure coding, application security architecture, etc.), and support FISMA audit requirements including documenting the system security plan, security controls, contingency plans, and related tests.
The successful Cyber Security Analyst will maintain knowledge of security and privacy law/directives/regulations, industry best practices related to information assurance, changes in technology, and advise Leidos management on the potential impact while serving as a Security technical liaison to the customer and development teams. The Cyber Security Analyst will follow best practices in vulnerability management including scanning, assessment, reporting, and mitigation verification.
The Cyber Security Analyst will support the development and tracking of Plan of Action & Milestones (POA&Ms) when vulnerabilities are identified and conduct application scanning analysis and mitigation tracking. This includes providing inputs to the program management staff for regular status, metrics and issue reporting.
Responsibilities
- Manage and enforce customer security policies
- Conduct security and risk assessments of Leidos maintained applications using NIST security frameworks and related documents
- Mitigate risk via security controls
- Ensure privacy of data throughout its lifecycle
- Document contingency plans, business continuity and disaster recovery
- Communicate with internal team members across multiple areas as well as customer team member.
- Communicate with parties external to the organization (e.g., sub-contractors, vendors, etc.).
- Support project/team leaders regarding solution design, process and/or approaches
Required Skills
- Bachelor’s Degree or equivalent with 5+ years of experience managing the cyber security efforts at US Federal agencies
- Certified Information Systems Security Professional (CISSP) - (ISC)2
- Demonstrated organizational and communication skills
- Demonstrated experience in documenting information system security plans, contingency plans and POA&Ms
- Excellent problem-solving abilities and regularly employs ingenuity and creativity to develop new technical solutions and systems in order to achieve functional objectives