Information Assurance Specialist (648209)

  • 02/19/2018

Job Description

The Defense amp; Intelligence Group at Leidos currently has an opening for an Information Assurance Specialist to work in our O’Fallon, IL office. This is an exciting opportunity to use your experience by providing support on the both the TRANSCOM Reference Data Management (TRDM) and the Integrated Data Environment (IDE) and Global Transportation Network (GTN) Convergence (IGC) programs. About each program.. TRDM is the USTRANSCOM enterprise reference data repository. TRDM facilitates interoperability through the centralized management and distribution of reference data tables derived from hundreds of authoritative sources. The IGC Program provides supply chain, distribution, and logistics information fusion through common integrated data and services to enable development of cohesive solutions for users across Department of Defense (DOD). IGC provides a single point of access to data within the Defense Logistics Agency (DLA) and USTRANSCOM, and between DLA/USTRANSCOM and external systems, ensuring consistent access to common, authoritative logistics data, business rules, and reliable information. Responsibilities TRDM: Ensures appropriate tools and permissions are maintained in consort with USTRANSCOM network providers to deny access to unauthorized users. Ensures the infrastructure supporting TRDM is implemented to support the DoD defense-in-depth strategy, e.g., encryption, authentication, and logging. Perform the duties of IA log monitoring and analysis on TRDM systems. Addresses any potential security findings by immediately relaying these findings to the appropriate POCs and security entities for further instruction. Supports security engineering activities. Attends, provides technical expertise, and may be required to take meeting minutes/notes during technical exchange meetings on a wide range of security engineering topic. Attends, provides technical expertise, and may be required to take meeting minutes/notes in IT program Engineering Milestone Reviews, e.g., System Requirements Review, Design Reviews, Test Readiness Reviews, Operational Readiness Reviews, and Incident Report Working Groups. Supports the USTRANSCOM Security Office to resolve and address security issues impacting all aspects of the program. Creates and/or reviews system accreditation documentation. Performs technical reviews of deliverables for security impact, e.g., Security Plan, Risk Management Framework (RMF), Requirements Specification, Functional Specification, Design Documents, Sustainment Plans, Deployment Plans and Test Plans. Supports operational security activities e.g., system log analysis, firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and malicious activity. Coordinates overall security strategy with multiple agencies, Approval Authority (AA) representatives and vendors, and other Government organizations/agencies to resolve and/or address a wide range of security engineering issues. Recommends changes to network and security architecture as potential issues or improvements are identified for the purposes of improving security posture and meeting operational performance requirements. Executes the program’s Information Assurance Vulnerability Management (IAVM) program in accordance with the DoD IAVM program. Coordinates with the 375th Enterprise Security Services (ESS) and AMC/A6 Enclave personnel (if required) to analyze and mitigate any scan findings. Assists the Government in drafting and submitting an acceptable Plan of Action and Milestones (POA amp;M) through the Information Systems Security Manager (ISSM) and inputting this POA amp;M into the appropriate IA Management tools (i.e., eMASS) if scan findings cannot be immediately mitigated. Performs a monthly review of the Plans of Action and Milestones (POA amp;M) Report for all POA amp;M items that are due within the next sixty (60) calendar days and updates the IA Management tools with changes in status. Request, gather and formalize inputs to various RMF-required documentation from other organizations (i.e., program management offices, system management offices, system administrators, functional managers, etc.) to fully complete all RMF requirements. Ensures creation/completion of all RMF-required documentation and systems/network diagrams prior to submission for an Authorization to Operate (ATO) and an Authorization to Connect (ATC). Support the transition from DIACAP to RMF upon award of the contract. Support the Government in the coordination and submission of the RMF-related documentation. Monitor the status of the RMF package through the ATO/ATC phases and will keep the Information Assurance Manager (IAM) abreast of current status. Provide technical and administrative services necessary to support an accreditation decision. Maintain and update all appropriate existing RMF documentation throughout the entire life of the ATO/ATC as necessary. IGC Supports IGC requirements using the Risk Management Framework (RMF) for DoD Information Technology (IT) process (Categorize the information system, Selecting the Initial Baseline of Security Controls, Define the Security Control Assessment Approach, Implement Security Controls, and Assess Security Controls). Ensures Information Assurance (IA) Checklist for releases is submitted no later than fifteen (15) business days prior to the Verification – Test Readiness Review (V-TRR) and tracks Government evaluation/approval status of IA Checklist. Ensures security issues are identified and addressed in IGC minor modification checklists and Department of Defense (DOD) security controls are applied as part of system sustainment to ensure the confidentiality, integrity, availability, authentication and non-repudiation of IGC’s sensitive unclassified and classified systems and data. Monitors and analyzes IA Vulnerability Management (IAVM) Notices, USTRANSCOM Security Notifications, United States Computer Emergency Readiness Team (US-CERT), and vendor security advisories for IGC servers not managed by DISA and make recommendations to the Government for applicability to IGC. Provides Security Analysis and Assessment Results in support of the weekly Information Assurance (IA) Integrated Product Team (IPT) of risk advisories (based on the Security Technical Implementation Guide (STIG) Finding Severity Category listed in the IA Vulnerability Advisories (IAVAs), IA Vulnerability Bulletins (IAVBs) and Technical Advisories) to the Government. Ensures required COTS/Operating System (OS) security patches are applied and the DISA Continuous Monitoring and Risk Scoring (CMRS) system is updated to document the installation of vendor application security patches and/or generates Plans of Action and Milestones (POA amp;M) when patches cannot be applied. Reviews security advisories from United States Cyber-Security Command, Secunia, and vendor web sites for applicability to IGC assets. Provides a weekly IAVM report input for the weekly IA IPT which includes the IAVA number, and if applicable to the IGC program, an IA Patch Plan of Action and Milestones (POA amp;M). Ensures that information system security engineering is employed during any/all changes to the System Architecture, is in compliance with all analogous or interfacing cybersecurity component(s) of the DoD Information Network (DODIN) Architecture, and is designed to make maximum use of the DOD enterprise cybersecurity capabilities and services. Participates in the IGC change control process and evaluates the impact of each change on security. Ensures applicable DOD STIGs, checklists, vendor security guidance, industry best practices, and applicable vendor product security patches are applied to the design, development, and implementation of secure applications and configurations. Ensures applications are in compliance with DOD Instruction 8500.1 Cybersecurity (current version) and DODI 8551.1 Ports, Protocols, and Services Management (current version). Ensures an approved code analysis tool is used to scan the developed source code in order to identify and remediate vulnerabilities or weaknesses in the application code. Ensures code scan reports to the government are delivered prior to installing source code into the production environments so the government can evaluate the security status of the code. Ensures code scan report identifies fix actions for any discovered vulnerabilities such as those described in Common Weakness Enumeration/System Administration, Networking, and Security Institute (CWE/SANS) TOP 25 Most Dangerous Programming Errors and Open Web Application Security Project (OWASP) Top Ten, that could be exploited by unauthorized sources. Participates in Government and Contractor formal and informal design reviews to identify potential security weaknesses, deficiencies, and/or vulnerabilities in the design. Ensures appropriate security requirements are included as part of the requirements traceability matrix and are evaluated as part of the security test and evaluation (ST amp;E). Updates system security documentation that facilitates the security accreditation of the system according to DODI 8510.01, Risk Management Framework (RMF) for DOD Information Technology (IT) and the associated System Categorization as defined in DODI 8510.01 and CNSSI 1253 (current version). Updates the DOD Enterprise Mission Assurance Support Service (eMASS) system as required and provides supporting cybersecurity documentation for upload as artifacts in eMASS. Ensures the Security Plan addresses all of the applicable DODI 8510.1 security controls and is maintained to support the DOD IA RMF authorization decisions. Monitors and analyzes Information Assurance Vulnerability Management (IAVM) Notices, USTRANSCOM Security Notifications, United States Computer Emergency Readiness Team (US-CERT), and vendor security advisories for IGC servers not managed by Defense Information Systems Agency (DISA) and makes recommendations to the Government for applicability to IGC. Provides Security Summary Analysis and Assessment Results for inclusion in IPR presentation materials.


Requires BS and 4-8 years of prior relevant experience or Associates Degree with 8-12 years of experience or a Masters with 2-6 years of prior relevant experience.

Basic Qualifications

  • United States Citizen
  • Secret Clearance (Active)
  • Ability to successfully pass Single Scope Background Investigation (SSBI)
  • Certifications: CISSP (preferred) or CISSP Associate, CSSLP or CASP CE

Knowledgeable and/or Experienced with the following:

  • TRANSCOM Reference Data Management (TRDM)
  • Integrated Data Environment (IDE) and Global Transportation Network (GTN) Convergence (IGC)
  • DoD Information Assurance Vulnerability Management (IAVM)
  • IA Vulnerability Advisories (IAVAs)/IA Vulnerability Bulletins (IAVBs)
  • USTRANSCOM Security Notifications
  • United States Emergency Readiness Team (US-CERT)
  • Vendor Security Advisories
  • DISA Continuous Monitoring and Risk Scoring (CMRS)
  • Plan of Action and Milestones (POA amp;M)
  • DODI 8510.01, Risk Management Framework (RMF) for DOD Information Technology (IT)
  • Security Technical Implementation Guide (STIG)
  • Vulnerability Management System (VMS)
  • Enterprise Mission Assurance Support Service (eMASS)
  • DOD Instruction 8500.1 Cybersecurity
  • Common Weakness Enumeration/System Administration, Networking, amp; Security Institute (CWE/SANS) TOP 25
  • Open Web Application Security Project (OWASP) TOP 10
  • National Institute of Standards and Technology Special Publication (NIST)

Leidos Overview:
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems Global Solutions business (IS GS). For more information, visit The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an Equal Opportunity Employer. JBLeidos ICJBMeta