Information Security Engineer ( R-00059503 )
Leidos is seeking an Information Security Engineer for the ESA V program. The ESA V Security team supports multiple DOJ components (ATF, JMD, ATR). This position will primarily support the DOJ Alcohol Tobacco Firearms and Explosives (ATF) component.
This position is for an Information Security Engineer focused on managing the McAfee ePolicy Orchestrator server and console as well as security compliance reviews. The Information Security Engineer will be focused on daily ePO deployments, operations and maintenance of McAfee solutions in the customer environment. This includes but is not limited to annual audits (e.g. OMB, A123, FISMA) and maintenance of records in the compliance management system (e.g. POAMs, waivers, registered assets). The candidate will also mentor a Junior Information Security Engineer on how to manage and operate McAfee ePolicy Orchestrator.
The candidate may also be involved in other security assessment activities including but not limited to: Risk Management Framework elements, assessment of security controls, and assessment of new functions. The candidate may act as the interface between auditors and system subject matter experts. The candidate should understand how to document system compliance with government security controls (e.g. 800-53, FISMA). The candidate may also support Security Operations, e.g. conducting security scans.
Clear verbal and written communication skills are essential. This position also requires good project planning skills to identify how to meet schedules, maintain and update security SOP’s, identify dependencies, and identify risks and workarounds.
This position requires a security investigation completed by the ATF and other federal components to permit access to customer-sensitive information.
- Bachelor’s degree with 8+ years relevant work experience with managing McAfee ePolicy Orchestrator server and console. Four additional years of experience may be considered in lieu of a degree.
- Experience creating and troubleshooting McAfee ePolicy Orchestrator policy configurations
- Experience with supporting assessment of IT systems compliance with Federal IT Security standards (e.g. NIST 800-53, FISMA)
- Ability to respond to security audits and compliance assessments including decomposing auditor requests to actionable items, compiling and presenting security audit artifacts
- Ability to evaluate IT system compliance with government and commercial security practices (e.g. DISA STIGS, SANS Top 25)
- General knowledge of enterprise scale IT systems, architectures and components (servers, and virtualization, networking, security appliances, SAAS, IAAS) particularly the system integration challenges balancing secure operations with operational need.
- Solid communication and documentation skills
- Candidate selected will be subject to a Government Public Trust security investigation and must meet eligibility requirements for access to the customer’s information.
- Selected individual cannot start the assignment until the required security clearance is granted by the customer.
- US Citizenship is required.
- Experience with McAfee ePolicy Orchestrator (ePO)
- Reviewing and Responding to antivirus alerts
- Creating custom reports
- Installing and updating ePO agents and dat files
- Configuring ePO policies for endpoint systems and servers (On-perm and in the Cloud)
- McAfee ePolicy Orchestrator Certification
- Past experience with the Department of Justice
- DOJ or DOD Active Clearance
- Network knowledge and experience
- ITSM knowledge and experience, particularly with ServiceNow
- Experience with DOJ compliance environment and related tools (CSAM, Tenable Security Center, and BigFix)
- Ability to review, compile and update artifacts for system accreditation packages
- Direct experience or solid familiarity with cloud computing and applicable security practices (e.g. FedRAMP, SAAS, IAAS)
- Ability to recognize security risks, document risk, and clearly communicate findings and recommendations.
- Experience supporting Incident Response events
- Experience supporting review and certification of systems and applications