Leidos has an immediate opportunity for an Information Systems Security Engineer (ISSE) to provide Cybersecurity engineering support to the Airspace Mission Planning Division, Hanscom AFB MA and its Operating Location at Eglin AFB, FL. The position can be located at Eglin AFB, FL or Lexington, MA. At Leidos, we strive to provide engaging careers, a collaborative culture and career growth to develop a thriving workplace. If you are a qualified ISSE or Cybersecurity professional and are interested in working in a rewarding environment, we would like to meet with you.

Job Summary:
The Information Systems Security Engineer’s principal responsibility is successful Security Certification & Accreditation (C&A) of Mission Planning software applications, within planned cost and schedule. These Mission Planning software applications are in use today by Air Force and Navy aviation mission planners, and operate on various DoD networks, closed networks and stand-alone systems.
- Researching, developing, implementing, testing, and reviewing hardware/software information security requirements (IAW DoD/NIST RMF) to protect information and prevent unauthorized access. In this role, the ISSE will direct the contracting team on security measures, explain potential threats, implement security measures and monitor applications in order to meet or exceed all DoD/NIST RMF requirements, resulting in faster and more accurate software releases.
- Support the government program office’s Information Assurance team with Authorization to Operate (ATO) and Authority to Connect (ATC) certifications, required for software releases.
- Hardening of Operating Systems, applications, and network infrastructure using Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations, and Information Assurance Vulnerability Alerts (IAVA)
- Working closely with the Chief Engineer to establish a system security engineering (SSE) process to plan, organize and manage efforts to achieve maximum system cybersecurity, cyber resiliency and survivability.
- Working with self-signed certificates and DoD PKI.
- Working with Windows OS, SELinux, puppet, iptables, and cryptographic modules.
- Contribute to Program Protection planning, Anti-tamper planning and identification of Critical Program Information (CPI).
- Developing and maintaining system-specific Security Controls Test Matrix (SCTM), Risk Assessment Report, Plan of Action and Milestones (POA&M), System Security Plans (SSP), Application Security and Development Checklists, and other artifacts supporting software certification and accreditation in accordance with RMF and JSIG.
- Running vulnerability scans for applications using various tools such as HP Fortify; working with software engineers to analyze the report; and running vulnerability scans for operating systems and network infrastructure using Nessus and/or ACAS.
- Working closely with software engineers supporting and troubleshooting the deployment of our software on government-provided infrastructure.
- Understanding the components of, and supporting the development of, Security Assessment Reports.
- Reviewing existing system-specific Security Controls Test Matrix (SCTM), Risk Assessment Report, Plan of Action and Milestones (POA&M), System Security Plans (SSP), Application Security and Development Checklists, and other artifacts supporting software certification and accreditation in accordance with RMF and JSIG to identify areas for Enterprise Cybersecurity & Cyber Resiliency opportunities for improvement.
- Requires an active DoD Secret security clearance for consideration.
- Bachelor's degree in Computer Science, Information Security, Electrical Engineering or a related scientific/technical discipline and 8-12 years of Security Engineering or related experience.
- Demonstrated progress towards attaining a Certified Information Systems Security Professional (CISSP) designation.
- Understanding of DoD 8510, NIST 800-53 Risk Management Framework, and CNSSI 1253.
- Advanced degree preferred
- Experience in leading C&A processes in accordance with DoD policy, standards & guidelines.
- Experience with the enterprise Mission Assurance Support Service (eMASS).
- Technical knowledge of computer networking and computer security protocols, and prior hands-on implementation of network and software security controls.
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant laws. Leidos is an Equal Opportunity Employer.