
Job Details


Information System Security Officer (ISSO) TS/SCI with POLY REQUIRED

Law Enforcement and Security

Information Security

Gaithersburg, Maryland, United States

Description

Job Description:

Leidos has a career opening for an Information System Security Officer (ISSO) on the Sustainment for Analysis Services (SAS) contract located in Gaithersburg, MD. The ISSO will be responsible for managing the authorizations and risks related to the processing, storage, and transmission of information in the ~12 systems and SAS program labs that make up the SAS portfolio. The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands. The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices.

The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)) and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk. As part of this process, the ISSO performs testing and assessments to sustain required accreditations. The ISSO promotes the use of secure hardware and software within SAS systems affected by government and corporate approval standards. The ISSO works to ensure all required security policies and practices are effectively applied to SAS systems and ensures security controls implementing these policies are applied and achieve the proper levels of confidentiality, integrity, availability and privacy protection throughout the system life cycle.

The SAS ISSO also assists with the execution, analysis, and remediation activities for the SAS vulnerability management program (scanning, assessment, reporting, and mitigation verification) that spans 12 different accreditation entities (SAS programs), 3 distinct classification domain enclaves (U), (S) and (TS), using the Nessus and Tenable-ACAS vulnerability scanning tools.

The ISSO also serves in other key security support roles, performing duties as a Data Transfer Officer (DTO) and Courier.

Primary Responsibilities:

  • Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals and business results
  • Authors and must be able to quickly respond to needs for security documentation, especially System Security Plans, Plans of Action and Milestones (POA&Ms), Security Impact Determinations (proposed system changes), and Concept of Operations that identify and explain how each SAS system satisfies its assigned security control baselines
  • Maintains ~12 system security plans related configuration records in customer Service+ (ServiceNow), XACTA-360 platform, and Leidos-CIO security tools
  • Drives necessary security changes through steering groups and control (review) boards to meet Risk Management milestones
  • Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer or Leidos security requirements and meet due diligence responsibilities.
  • Provides guidance and engages the SAS program lab team to implement secure software and hardware processes and apply government security standards and commercial best security practices
  • Resolves highly complex problems by applying technical knowledge, conceptualizing, reasoning, and interpretation
  • Comfortable communicating with Leidos and NGA leadership (internally or client) regarding matters of significant importance to the organization/project
  • Has in-depth understanding of information security technical principles, theories, concepts and their application across a range of programs
  • Develops/maintains security documentation per NGA/IC/DoD-DISA/NIST/Industry standards and policies
  • Coordinates all A&A initiation and renewal activities working with the NGA Designated Authorization Officials (DAO or DAOR)
  • Addresses any Information Assurance or Cybersecurity notices, orders, tasking, or directives as required following the NGA operations vulnerability and patch management processes
  • Performs security audits and assessments – creates, tracks, and helps resolve Plan of Action and Milestones (POA&Ms)
  • Coordinates with System Administrators and others to remediate all vulnerabilities and report results. For any open vulnerabilities, documents, obtains approval and manages POA&M status
  • Updates Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan
  • Manages security profile and implementation for SAS systems and services slated for Certification and Accreditation (C&A)
  • Works with the Systems Engineers, Senior ISSO, ISSMs, and SAS Lab Team and Leidos Corporate Security when required to develop and maintain security plans and associated documentation
  • Maintains records and documentation on program IT systems, upgrades, patches, and connectivity configurations
  • Evaluates security solutions and implementation strategies for program IT systems and services and maintains operational security posture of development, integration, and deployed capabilities
  • Trains and approves user access and IAA (identification, authorization, and authentication) mechanisms for information systems.

Basic Qualifications:

  • BS degree and 8 to 12 years of prior relevant experience in order to operate within the scope of responsibilities
  • Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification
  • Practical experience understanding and applying the ICD-503 risk management framework is desired
  • Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus, SPLUNK
  • Active TS-SCI clearance
  • NGA experience desired.

Preferred Qualifications:

  • Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product

Intelligence Community Experience preferred

Pay Range:

Pay Range $94,250.00 - $145,000.00 - $195,750.00