Logo
Leidos Holding

Information Systems Security Officer

Leidos Holding, Gaithersburg, MD


Description
This position requires an active Top Secret Clearance, and a willingness to undergo a polygraph to be considered. Candidates who do not possess this clearance will not be considered.

Leidos National Security Sector combines technology-enabled services and mission software capabilities in the areas of cyber, logistics, security operations, and decision analytics to support our defense and intel customers' mission to defend against evolving threats around the world. Our team's focus is to ensure our customers have the right tools, technologies, and tactics to keep pace with an ever-evolving security landscape and succeed in their pursuit to protect people and critical assets.

The Spatial Solutions Division (SSD), part of the Decision Advantage Solutions Business Area, is currently seeking an Information System Security Officer (ISSO). The ISSO will be responsible for managing the authorizations and risks related to the processing, storage, and transmission of information for one or more programs within the Analysis Sustainment portfolio. The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands, providing leadership over security assessment activities, working across system ownership and management organizations to test security controls, policies, and procedures, providing program management support, team leadership, and participating in and coordinating the support as needed for security assessment and activities The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices.

The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)), and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk. As part of this process, the ISSO performs testing and security assessments to sustain required accreditations. The ISSO promotes the use of secure hardware and software within the systems affected by government and corporate approval standards. The ISSO works to ensure all required security policies and practices are effectively applied to systems and ensures security controls implementing these policies are applied and achieve the proper levels of confidentiality, integrity, availability, and privacy protection throughout the system life cycle.

The ISSO also assists with the execution, analysis, and remediation activities for the vulnerability management program (scanning, assessment, reporting, and mitigation verification) that spans different accreditation entities, three distinct classification domain enclaves (U), (S) and (TS), using the Nessus and Tenable-ACAS vulnerability scanning tools.

Primary Responsibilities:
  • Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.
  • Must be able to quickly respond to the needs for updates and maintenance of security documentation, especially System Security Plans, Plans of Actions and Milestones (POA&Ms); Security Impact Assessment for proposed system changes, and Concept of Operations that identify and explain how each system satisfies its assigned security control baselines.
  • Maintains system security plans and related configuration records in customer Service+ (ServiceNow), XACTA-360 platform, and Leidos-CIO security tools.
  • Drives necessary security changes through steering groups and control (review) boards to meet Risk Management milestones.
  • Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer or Leidos security requirements and meet due diligence responsibilities.
  • Provides guidance and engages the program lab team to implement secure software and hardware processes, apply government security standards, and commercial best security practices.
  • Resolves highly complex security problems by applying technical knowledge, conceptualizing, reasoning, and interpretation of requirements.
  • Communicating with Leidos and NGA leadership (internally or client) regarding matters of significant importance to the organization/project.
  • Apply in-depth understanding of information security technical principles, theories, concepts, and their application across a range of programs.
  • Develop and maintain security documentation per NGA/IC/DoD-DISA/NIST/Industry standards and policies.
  • Initiate and coordinate all Assessment and Authorization (A&A) and renewal activities working with the NGA Designated Authorization Officials (DAO or DAOR).
  • Address any Information Assurance or Cybersecurity notices, orders, tasking, or directives as required following the NGA operations vulnerability and patch management processes.
  • Measure effectiveness of defense-in-depth architecture and Zero Trust policy implementations against known vulnerabilities.
  • Perform security audits and assessments, including creating, tracking, and assisting in remediation of Plan of Action and Milestones (POA&Ms).
  • Coordinate with System Administrators and others to remediate all vulnerabilities and report results. Track open vulnerabilities and obtain and document approvals while managing POA&M status.
  • Update Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan.
  • Manage security profiles and implementation for systems and services scheduled for Assessment and Authorization (A&A).
  • Work with the Systems Engineers and Administrators, Senior ISSO, ISSMs, Lab Team, and Leidos Corporate Security as required to develop and maintain security plans and associated documentation.
  • Maintain records and documentation on program IT systems, upgrades, patches, and connectivity configurations.
  • Evaluate security solutions and implementation strategies for program IT systems and services and maintains operational security posture of development, integration, and deployed capabilities.
  • Provide training and approve user access and IAA (identification, authorization, and authentication) mechanisms for information systems.

Basic Qualifications:
  • US citizenship is required per contract.
  • BS degree and 8 to 12 years of prior relevant experience to operate within the scope of responsibilities
  • Active TS-SCI clearance with ability to obtain CI poly.
  • SEC+ Certification
  • NGA experience desired
  • Experience that demonstrates an understanding and application of the ICD-503 and NIST risk management framework
  • Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus, SPLUNK

Preferred Qualifications:
  • Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTs product.
  • Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification.
  • Intelligence Community experience preferred.
Original Posting Date: 2024-09-10While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: Pay Range $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
About Leidos Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit www.Leidos.com .
Pay and Benefits Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .
Securing Your Data Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other person a l information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected] .
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .
Commitment to Diversity All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.