InfoSec Security Engineer ( R-00062214 )
Leidos is looking for experienced ISSOs both with policy and technical ATO acumen. Candidates should have clear understanding of ICD 503, RMF and continuous monitoring requirements in order to take IC systems through RMF ATO accreditation. RMF rev 3 or 4 understanding a plus. Candidates will work directly with ISSMs, developers and operations throughout a DevSecOps life cycle both on policy and technical implementation of technologies to scan with Nessus, Web Inspect, App Detective. ISSO will identify vulnerabilities and work off POA&M findings alongside system administrators.
- Identify and define system security requirements
- Design computer security architecture and develop detailed cyber security designs
- Prepare and document standard operating procedures and protocols
- Configure and troubleshoot security infrastructure devices
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks in a consultative role
- Experience with the Risk Management Framework (RMF) and ICD 503 Security Accreditation processes.
- Experience coordinating with Information System Security Managers (ISSM) in testing, documenting, and achieving accreditation of systems throughout the development process, and achieving operational acceptance.
- 3 yrs of Assessment and Accreditation experience delivering ATO packages
- 5 yrs of system engineering or system administration
- 3+ yrs of Nessus
- At least 2 or more Certification: CISSP, Splunk, Network+, Security+, OSCP, Windows, Cisco, CEH, Juniper, RHEL
- Understand all the security controls involved with ICD 503 accreditation
- Candidate must have an active TS/SCI with polygraph
- Must have a BS and 12-15 years of prior relevant experience or Doctorate with 13+ years of prior relevant experience.
- Experience will be considered in lieu of degree.
Prefer following experience:
- Xacta 360
- Web Inspect
- App Detective
- Tenable Security Center
- RMF Automation experience collecting BOE (body of evidence)
- Splunk end user experience with knowledge of how to create Splunk Dashboards are a plus
- FISA experience