Leidos has an immediate opportunity for an Information Assurance Security Engineer/Information System Security Engineer in Chantilly, VA. This position requires a candidate with an active TS/SCI clearance.
The Information Assurance Security Engineer (IASE) provides direct security engineering support to the execution of the customer’s Information Assurance (IA) Certification and Accreditation (C&A)/Assessment and Authorization (A&A) mission.
The IASE will be responsible for:
Installation, configuration, testing, and administration of systems and capabilities to support automated scanning, monitoring in support of C&A/A&A and ICD-503, NIST 800-53 security controls mappings, FISMA reporting, and reporting of Information Assurance Vulnerability Alerts (IAVA)/Intelligence Community Vulnerability Alerts (ICVA).
Integrating and testing new features and functions within the A&A Management solution. This includes, but may not be limited to, DoD 8500.2 and NIST 800-53 Security Controls mappings; implementing updates to business processes, workflow, and templates; and direct support to the government customer.
Performing security assessments and design reviews, and providing guidance on new technologies for the program. New technologies may include, but are not limited to, cloud technologies, hardware, operating systems, web technologies, and databases.
EDUCATION & EXPERIENCE:
B.S. in Computer Science, IT or applicable engineering or science field.
8 – 12 years of prior relevant experience or Master's with 6 – 10 years of prior relevant experience.
Active TS/SCI clearance with the ability to obtain a polygraph.
Certifications equivalent to DoD 8570.1M IAT Level II, including Security+ CE or above, or IAM Level II, including CISM, CISSP, or CAP Certification, or IA SAE II.
Demonstrated proficiency in developing and implementing a Cybersecurity plan for a new operational system resulting in an ATO and/or ATC.
Knowledge of the DoD Authorization and Accreditation (A&A) process and standards as implemented in the NIST Risk Management Framework (RMF).
Experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, firewall policy, ports, and protocols.
8+ years of Security Engineering experience with DIACAP, ICD-503, and/or NIST Risk Management Framework.
Experience implementing and executing software and security engineering practices as defined by NIST 800-53, ICD-503.
Experience with DoD, DISA, and IC tools, systems, reporting mechanisms and requirements for C&A.
Experience with Tenable Nessus creating custom scan templates, auditing findings, and recommending remediation steps.
Familiarity with AWS concepts and cloud-based security best practices.
Experience in RHEL OS hardening; securing systems/software IAW IC, DoD, and industry best practices; development of security controls, testing methodologies, and procedures for systems and cloud-based architectures.
Experience with SCAP-based tools and specifications.
Experience designing, developing, and using host-based and network-based scanning tools.
Experience in the areas of system/software design, development, integration, testing, system administration, O&M.
Experience with both Windows and RHEL operating systems.
External Referral Eligible