Description

The Leidos Cybersecurity, Architecture, and Engineering (CAE) organization has an immediate opening for a motivated junior Cybersecurity Engineer. This role can be supported remotely or from one of the following locations: Gaithersburg, MD, Reston, VA or Orlando, FL.

As a member of the Cybersecurity Architecture and Engineering Team (CAE), the Cybersecurity Engineer is primarily responsible for performing processes that ensure secure system architectures and implementations adhere to regulatory compliance and Leidos security best practices. This role requires the ability to learn and apply regulatory requirements and best practices to review and validate designs across the Leidos global architecture. To be successful as a Cybersecurity Engineer, you should understand and be able to explain security concepts to customers in common terms and ultimately build relationships within the Leidos enterprise.

• Actively participate in design reviews for enterprise environments and capabilities. These design decisions, technical control implementations, and risk mitigation measures set the foundation for Leidos' global cybersecurity posture.
• Work with Leidos Corporate customers to understand their needs and design appropriate environment controls to provide solutions that adhere to security standards.
• Inform stakeholders of any security issues with the technical solutions being proposed and assess the business impact that certain technical choices have.
• Enhance, document, and moderate this process, working alongside highly experienced Security Architects and Engineers to ensure reviews are comprehensive and repeatable.
• Support projects with global impact and tool development to enhance global cybersecurity posture.
• Support the overall team with their mission by tracking security statuses, collaborating with stakeholders, providing input into process enhancements, and other duties as assigned.
• Learn from SMEs who have deep cybersecurity domain knowledge in their area of expertise (Endpoint, Network, Application, Mobile, and Cloud security) to gauge interest and career growth opportunities.
• Interface with other organizations outside of Engineering to ensure inputs and outputs meet expectations.
• Keep up to date with regulatory standards (e.g., NIST 800-171, CMMC, Privacy, among others).
• Keep up to date with cybersecurity practices.

• Bachelor's degree and 1-2+ years of experience in Information Security with a real passion for the field. Additional years of relevant experience, training, and/or professional certifications will qualify in lieu of a degree.
• Must be able to obtain a Security Clearance and therefor have US citizenship. Individuals do not need to possess a clearance today.
• Ability to write and verbally communicate effectively to both technical and non-technical audiences.
• A self-starter who can use a combination of learned skills, personal networking, and grit to achieve objectives.
• Must have strong problem-solving and analytical skills.
• Understand security fundamentals within different areas of expertise (Networking, Endpoint, Application, Cloud, Mobile, etc.) in order to apply Leidos technical security standards.
• Demonstrate poise and creativity while working with other architects in different domain spaces to come to a common solution.

• Experience and comfort in taking strategic intents and driving technical organizational change.

• Demonstrated experience developing and deploying security solutions that meet customer requirements.

• Information security experience as a DoD and/or Intelligence Community employee or contractor would be a bonus.
• Knowledge and experience in DFARS; NIST 800-53; NIST 800-171
• Knowledge of a broad spectrum of security products and ability to conduct analysis of alternatives to onboard new enterprise capabilities.
• Experience and background in Application Security, with a basic knowledge of Software Development Lifecycles/Processes will be helpful but can be taught.
• A basic understanding of Cloud IaaS/SaaS delivery models with experience in any one of the following: AWS, Microsoft, Google, or Oracle clouds will be helpful but can be taught.

• Familiarity with securing web application deployment architectures considering Web, App, and DB tiers will be helpful, but can be taught.