Information System Security Engineer (ISSE) ( R-00044488 )
Leidos is looking for a Security Engineer to join a high-performing agile team using the Scaled Agile Framework (SAFe) methodology to support a nationally significant and fast-paced cryptographic key management program. Program execution follows DevOps best practices and employs robust development, test and production environments. Our team of security engineers supports enhancements to system security architecture and cyber security capabilities; manages multiple system security plans for development, test and production systems at multiple classification levels following the Risk Management Framework (RMF); manages cross domain capabilities; and supports Security Verification Testing (SVT) of relevant Type 1 devices. Leidos is the prime contractor providing system engineering, development, test, integration and operational support. This new program is focused on injecting new technology and adding advanced capabilities over the coming three years while continuing to support an ongoing mission and operational system.
The selected candidate will provide support for adding new capabilities to a complex network system with geographically distributed components that has exacting interface, performance and security requirements. He/she will become part of a team of Security Engineers working on solving challenging issues on a nationally significant defense program. The program makes heavy use of Public Key Infrastructure (PKI), cryptographic technologies, and cross domain solutions. The selected individual will collaborate with other engineers and technical experts in providing improvements to our operational, test, integration, and development systems.
- Validating and verifying system security requirements.
- Evaluating security solutions to ensure they meet customer specified requirements for processing classified information.
- Providing configuration management for security-relevant information system software.
- Assessing and mitigating system security threats/risks.
- Assisting in the identification and implementation of appropriate information security functionality to ensure uniform application of security policy and enterprise solutions.
- Contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations.
- Participating in program increment planning and related agile team activities.
- Communicating with and working closely with System Engineering, Test Engineering, and Integration teams to ensure that the hardware and software implementation meets the security requirements for processing classified information.
- Analyzing and assessing system implementation against multiple security compliance policies and evaluating the impact of new development.
- Collaborating with development teams to identify and resolve security issues.
- Developing technical solutions for security-related vulnerabilities using solid security standards and best practices.
- Evaluating, reviewing, and/or testing security-critical software.
- Auditing and assessing system security policies and configuration settings.
- Analyzing security compliance requirements for new system features and proactively identifying potential security issues.
- Supporting risk assessment and risk management.
- Participating in security verification testing of relevant Type 1 devices.
- Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline and at least 2 years of relevant experience or a Master’s degree.
- Additional experience may be substituted for a Degree.
- Must have experience with secure configurations of commonly used desktop and server operating systems.
- Must have experience or familiarity with applying Risk Management Framework and formulating and assessing IT security policy.
- Must have demonstrated knowledge of one or more common security tools, such as Nessus, NMAP and Wireshark, hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
- Must be comfortable working on multiple systems and components simultaneously, possibly with various configurations.
- Must have strong verbal and written communications skills.
- Must be committed to adopting and adhering to best practices.
- Must be able to effectively plan and prioritize personal tasking.
- Must be capable of performing high quality work both independently and with a team in a fast-moving environment.
- Experience or familiarity with Defense in Depth Principles.
- One or more of the following: DoD 8570 compliance with IASAE; Information Systems Security Engineering Professional (ISSEP) Certification; Computer Information Systems Security Professional (CISSP) Certification.
- Experience with integrated security services management processes (i.e. assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response).
- Experience providing information assurance support for application development.
- Experience with penetration testing tools and hands-on vulnerability testing.
- Experience with scripting languages.
This position is eligible for an increased sign-on bonus of $20,000. Please visit careers.leidos.com/CSS20k for details and a full list of eligible opportunities.
careers.leidos.com/CONMD
- External Referral Bonus: Eligible
- Potential for Telework: No
- Clearance Level Required: Top Secret/SCI with Polygraph
- Travel: No
- Scheduled Weekly Hours: 40
- Shift: Day
- Requisition Category: Professional
- Job Family: Information Assurance
- Pay Range: