Senior Information Systems Security Officer (ISSO)
Herndon, VA 
Posted 11 days ago
Job Description

Leidos has an opportunity for an Information Systems Security Officer (ISSO) to support the JIOC Program. The ideal candidate will be joining a small team and will share the knowledge, workload and the future for a mission-critical application. Must be able to work on-site in Herndon, VA. Remote/hybrid work is not available for this position. Work hours are flexible.

Primary Responsibilities

  • Serves as a principal advisor for all information assurance matters, technical and otherwise, involving the classified information systems (IS) under her/his purview.

  • Ensures IS compliance with agency information security policies, standards, and procedures that support maintaining the IS operational security posture.

  • Develop and maintain Assessment & Authorization (A&A) Body of Evidence (BOE) documentation including System Security Plan (SSP), Security Test Plan (STP), Security Controls Traceability Matrices (SCTM), Plan of Actions and Milestones (POA&M) according to Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) via Xacta.

  • Support IS security self-assessment activities including development of SCTM and STP required to be submitted with A&A security package.

  • Responsible for the auditing of security information and events within their assigned system or application. Review and analyze all application and system security configuration settings and audit logs within the system boundary. Identify anomalous activity and potential threats to network resources using Splunk. Actively audit ingress and egress firewall rules and host security configuration. Audit all logical and physical connections.

  • Support reporting of IS security incidents and vulnerability compliance gaps.

  • Ensure that latest applicable DISA STIGs are applied, and operational compliance is maintained.

  • Work with software developers and architects to identify and understand security requirements. Provide guidance on security policy.

  • Create and manage the plan of action and milestones (POA&Ms) and work with project managers and engineers to develop schedules and engineering actions that mitigate open findings. Monitor until all actions are closed.

  • Support the Continuous Monitoring of operational systems; monitor and audit operational systems for proper use.

  • Review weekly information systems security audits and work with project teams to determine corrective action and apply remediation.

REQUIRED EDUCATION, SKILLS, and EXPERIENCE:

  • Bachelor's degree with 10+ years or MS with 8+ years of relevant experience. Degree must be from an accredited institute in an area applicable to the position. Additional relevant years of experience may substitute for a degree.

  • A minimum of four years' experience as an IA/Security specialist.

  • DoD Approved 8570 IAT/IAM Level II Baseline Certification (e.g., Security+, etc.)

  • Fundamental understanding of how the RMF process works.

  • Practical experience applying NIST 800-53 security control requirements.

  • Hands-on experience using a risk management tool (e.g., Xacta, eMASS, etc.)

  • Experience performing the above defined responsibilities.

Clearance Requirement: TS/SCI with Polygraph is required for this position.

Preferred Qualifications:

  • IAM DoD level 3 (CISM, GSLC and CISSP or CISSP Associate)

  • Practical experience using Splunk

  • Practical experience using a vulnerability tool (e.g., ACAS, Tenable Nessus, etc.)

  • Knowledge of DoD 8510.01

Original Posting Date: 2024-04-26

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $101,400.00 - $183,300.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Job Summary
Company
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Salary and Benefits: $101400.00-$183300.00 per year
Required Education: Bachelor's Degree
Required Experience: 10+ years