Leidos Holding

STIG Compliance/Vulnerability Management SME

Leidos Holding, Fairmont, WV


Description
Leidos Digital Modernization Sector has a dynamic opportunity for a STIG Compliance/Vulnerability Management Subject Matter Expert (SME) to work on the NOAA contract. The position can be based in either Fairmont, WV, or Boulder, CO.

This position is part of the NOAA Cyber Security Center (NCSC) Security Operations Center (SOC) that executes 24x7 cybersecurity monitoring and incident response for NOAA networks. The STIG Compliance/Vulnerability Management Subject Matter Expert (SME) will work on the ISSO team to help manage the Vulnerability Management plan as well as institute a STIG compliance program. Additionally, as part of the Information Assurance team, the SME develops assessment and validation strategies to ensure compliance. The STIG Compliance/Vulnerability Management SME must be capable of understanding a multitude of different technologies, including but not limited to Windows (workstations and desktops), Linux, Juniper, Cisco, appliances like iDRAC, and other applications. Additionally, they need not only to be able to use Tenable/ACAS, but should also be familiar with EvaluateSTIG, Compliance Viewer and other tools.

As the STIG Compliance/Vulnerability Management SME, you will work either independently or as part of a team to achieve critical mission objectives, ensuring smooth operations for the customer.

What Will You Do
• Evaluate security risks on systems
• Evaluate STIG compliance
• Execute and manage the NCSC Vulnerability Management Plan
• Create and maintain compliance scan policies
• Maintain a master asset list
• Troubleshoot scan issues and coordinate with appropriate team members
• Continuously research emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the SOC and SE&O to protect the NOAA environment
• Ensure system compliance against federal, DOC, and NOAA policies
• Identify & document all non-compliant areas
• Support Assessment and Authorization activities
• Conduct, operate, and maintain vulnerability/compliance assessments and the resulting data and reports
• Author and maintain SOPs and runbooks
• Other duties as assigned

Job Qualifications
• Bachelor's degree in Information Technology, Cybersecurity, or related field with 8 or more years of STIG Compliance/Vulnerability Management experience, including implementing and evaluating STIG controls and security baselines; additional years of experience required in lieu of a Bachelor's degree.
• Significant experience with NIST Cybersecurity Framework and/or risk management within the Intelligence Community.
• 2+ years of project management experience.
• Experience being part of high-performing A&A teams and adapting standards to create "best practices".
• Demonstrate knowledge of ports and protocols
• Demonstrate knowledge of DISA STIGs and related tools
• Possess the knowledge of security best practices, security solutions, and methodologies for risk management per NIST Cybersecurity Framework guidelines.
• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Familiar with the management, operational, and technical aspects of IT Security in a complex environment.

Clearance Requirement
• An active DoD Top Secret clearance

Original Posting Date: 2024-10-03
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos
Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit www.Leidos.com.

Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data
Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.