Information Systems Security Engineer (ISSE)

Leidos Health & Civil Sector is seeking a highly motivated and experienced Information Systems Security Engineer (ISSE) to join our team. This position directly supports programs which provide a broad array of information, resources, referrals, mental health coaching and specialized support for military members and their families worldwide. These programs are directly responsible for supporting military community quality of life issues.

**This job posting is in anticipation of future work**

The ISSE is responsible for the integration of security architecture & engineering efforts into the information technology life-cycle. Leads architecture, engineering, implementation, integration, maintenance and improvement of all systems to meet requirements for building software/hardware components and supporting technical infrastructure. Develops and architects processes in support of RMF testing, applying STIGs, software patches, software testing, and vulnerability identification, management and reporting for all information systems, Contact Center technologies, user endpoints, network segments, and cybersecurity protective/defensive stacks. Leads technical planning, technical design, development and integration, verification and validation of security profiles and accreditations IAW with DoD CIO, DISA, U.S. Cyber Command, and MC&FP policies, guidance, and mandates. Designs and architects Security Control Assessments that mitigates cyber threats, vulnerabilities, and risks for all systems and networks. Provides data input to RMF, A&A, and/or ATO/ATO-C packages. Integrates security concepts, controls, and mechanisms into the design and architecture phases to produce a reliably secure product in executing program services adhering to the policies, procedures, standards, and principles defined in the CUI IR Policy and Procedural Guide and are cohesively aligned with legislative mandates, executive orders, DoD policies, instructions, directives, and standards (e.g., RMF). Responsible for supporting disaster recovery solutions (i.e., RTO). This position is a remote position and requires a quiet, private, confidential space to work from as well as having access to your own reliable high-speed internet hard wired to your home or apartment (coax or fiber from the Internet Service Provider (ISP) to your home. Using a hot spot from a mobile device (tethering) or wireless ISP is not acceptable.

Primary Responsibilities:

• Responsible for maintaining ATO packages and documentation within eMASS.

• Works within the framework of the DoD vulnerability management program; reviews vulnerability scan results to verify accuracy and manages/assigns/tracks POAMs.

• Works with SCA and ISSM to verify control implementation and supports ATO testing and continuous monitoring of security controls.

• Works with SCRUM Master to ensure cybersecurity controls are implemented/maintained/remain effective; works with developers to coach them on effective implementation of security controls or mitigations.

• Responds to security incidents and supports CSSP in resolution of security incidents.

• Works with cloud team to monitor and support implementation of access controls.

• Tracks and monitors threat intelligence feeds for attack patterns and emergence of new/existing cyber threats; makes recommendations on potential countermeasures.

• Tracks new cyber technology trends; makes recommendations for new improvements and enhancements to existing cybersecurity technology stack. 

• Participates as voting member/tech advisor to configuration management and other governance boards.

• Reviews vulnerability scan data and leads vulnerability management efforts by identifying, documenting, remediating, and/or mitigating vulnerabilities in the environment.

• Supports efforts to ensure adequate security processes and solutions to mitigate or remediate identified risks sufficiently to meet business objectives, contractual and/or regulatory requirements.

• Supports incident response activities, ensuring security incidents are properly contained, eradicated, and recovered.

• Supports development of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction.

• Ensures proper security logs are generated and sent to the CSSP organization’s Security Information and Event Management (SIEM) system.

• Persistently evaluates adherence with defined policies and standards.

• Ensures appropriate POA&M management by driving resolution/remediation of high risk and aged findings.

• Supports the development, design, implementation, operation, and maintenance of a secure environment.

Basic Qualifications:

• Bachelor’s degree in Computer Science, Information Systems, or related field and 5-8 years experience with RMF and DoD A&A processes to include eMASS user experience.

• 4+ years of AWS experience as a Cloud Security Architect/Engineer; AWS Security certification a plus.

• Minimum of 5 years of experience in IT security risk assessments and DoD related frameworks (i.e., NIST 800 series, CNSSI 1253).

• Familiar with AWS security services (e.g., Guard Duty, AWS Cloud Trail, AWS Cloudwatch, Amazon Inspector and AWS Security Hub).

• One or more industry-recognized experience/certifications in security (e.g., CISSP, CCSK, CISA, CISM, CEH, Security+) required, CISSP preferred.

• Strong knowledge of the AWS Infrastructure services.

• Strong understanding of the Agile development process, especially within the context of AWS. 

• Strong communication, proactive methods for problem solving, strong documentation, coordination, and collaboration skills across the enterprise.  

• Must be detail oriented and a Self Starter.

• Ability to obtain and/or maintain an Active Secret Security Clearance. US Citizenship is required.

Preferred Qualifications:

• CISSP preferred.

• 5+ Years of experience in Cyber Security field as an Information Security Architect, Security Engineer, or Cloud Security Architect. 

• Previous experience simultaneously managing two or more DoD system authorization packages as an ISSE preferred.

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.