Description
Leidos is actively seeking a detail-oriented Information System Security Specialist (ISSO) to join our dynamic team. In this pivotal role, you will manage authorizations and risks associated with the processing, storage, and transmission of information for various programs within the Dissemination Task Order on the FS2 Program. Your expertise will be essential in ensuring compliance with security best practices, leading security assessment initiatives, and collaborating with system ownership and management organizations to test and enhance security controls, policies, and procedures.
Your responsibilities will extend to managing and enforcing government and corporate information security policies, as well as providing training and guidance to end users and program staff on effective security practices. You will conduct thorough security and risk assessments utilizing various accreditation frameworks such as NIST, RMF, and ICDs. Your skills in mitigating risks and applying security controls will contribute significantly to achieving acceptable operational risk levels.
As an ISSO, you will also take charge of the vulnerability management program, including scanning, assessment, reporting, and verification of vulnerability mitigations, utilizing tools like Nessus and Tenable-ACAS across diverse classification domain enclaves (U, S, and TS).
Primary Responsibilities:
- Develop and implement risk mitigation strategies to enhance project effectiveness and efficiency.
- Respond promptly to updates and maintenance needs for security documentation, especially System Security Plans, POA&Ms, and Security Impact Assessments.
- Maintain accurate system security plans and configuration records using tools like ServiceNow, XACTA-360, and Leidos-CIO security tools.
- Facilitate necessary security changes through steering groups and review boards to achieve Risk Management milestones.
- Work independently and collaboratively to drive security process improvements and address any compliance gaps.
- Provide guidance to the program lab team on implementing secure software and hardware processes following government security standards.
- Resolve complex security challenges using your technical knowledge and problem-solving skills.
- Communicate effectively with Leidos and NGA leadership on critical security matters.
- Apply an in-depth understanding of information security principles and concepts across a range of programs.
- Create and maintain security documentation that aligns with NGA/IC/DoD-DISA/NIST/Industry standards.
- Coordinate all Assessment and Authorization (A&A) activities, working closely with the NGA Designated Authorization Officials.
- Address Information Assurance or Cybersecurity directives following the NGA operations vulnerability and patch management processes.
- Measure the effectiveness of defense-in-depth architecture and Zero Trust policy implementations against known vulnerabilities.
- Conduct security audits and assessments, assisting in the remediation of identified vulnerabilities.
- Collaborate with System Administrators to resolve vulnerabilities and track their status effectively.
- Update Security CONOPS and IT Disaster Recovery plans for each Security Plan.
- Manage security profiles for systems undergoing Assessment and Authorization (A&A).
- Work with various teams to develop and maintain essential security documentation.
- Maintain thorough records related to program IT systems, upgrades, patches, and connectivity configurations.
- Evaluate security solutions and strategies for IT systems to ensure operational security posture.
- Train users and oversee the identification, authorization, and authentication (IAA) processes for information systems.
Basic Qualifications:
- US citizenship is required.
- Bachelor's degree with 12+ years of relevant experience is mandatory.
- An active TS/SCI clearance is required, with the ability to obtain a CI Poly; candidates with a Secret clearance will also be considered for an upgrade.
- Security+ or higher level certification is needed.
- Previous experience with NGA is preferred.
- Understanding and application of the ICD-503 and NIST risk management framework is essential.
- Familiarity with XACTA, XACTA 360, HBSS, ACAS, Nessus, and SPLUNK is desired.
Preferred Qualifications:
- At least 3 years of experience in operating, analyzing, and resolving vulnerability scan results using tools like Nessus or Tenable Security Center is preferred.
- Experience within the Intelligence Community is advantageous.
For U.S. Positions: While subject to change based on business needs, Leidos anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date no earlier than 3 days after the original posting date.
Pay Range: $126,100.00 - $227,950.00
This pay range is a general guideline and not a guarantee of compensation. Factors considered in extending an offer include job responsibilities, education, experience, knowledge, skills, abilities, internal equity, and alignment with market data.