Description

The Digital Modernization Sector at Leidos currently pursuing a new opportunity that has openings for an Information System Security Manager (ISSM) to work in

Tampa, FL. This is an exciting opportunity to use your experience helping the U.S. Special Operations Command (USSOCOM) Enterprise Development, Application, and Training (EDAT) mission. In this mission

we are focused on providing innovative, data-driven solutions and enterprise architecture enhancements to enable seamless operations across USSOCOM's global network. The program emphasizes rapid

development and deployment of technologies to enhance the mobility and readiness of Special Operations Forces (SOF) in both combat and non-combat scenarios. Key tasks include program management,

• Develop and implement comprehensive information system security strategies to protect against cyber threats and ensure the confidentiality, integrity, and availability of sensitive information, aligning with organizational goals and objectives.
• Oversee the development and maintenance of Authorization to Operate (ATO) packages, ensuring compliance with relevant security controls and requirements, and guide the ATO process from risk assessment to continuous monitoring.
• Provide oversight and guidance for vulnerability assessments, ensuring that identified weaknesses are properly addressed through effective remediation strategies and risk mitigation plans.
• Develop and maintain incident response plans and procedures, ensuring timely and effective incident handling, and providing technical leadership and support to respond to and resolve security incidents.
• Ensure compliance with industry standards and government regulations, including NIST 800-53 and DISA STIG, by developing and implementing compliance plans, providing guidance on audit preparation, and overseeing remediation efforts.
• Lead the integration of security into the software development lifecycle, providing guidance on secure coding practices, secure development methodologies, and ensuring that security requirements are incorporated into system design and development.
• Oversee the development and maintenance of security documentation, including security plans, risk assessments, and incident response plans, ensuring that all documentation is accurate, up-to-date, and compliant with relevant regulations and standards.
• Provide technical leadership and guidance to ensure the security of systems and applications, staying current with industry trends and emerging technologies to continuously improve the organization's security posture.
• Develop and implement comprehensive vulnerability management processes, including scanning, assessment, reporting, and mitigation verification, to identify and remediate vulnerabilities in a timely and effective manner.
• Develop and implement data protection policies and procedures to ensure the privacy of data throughout its life-cycle, from creation to disposal, and provide guidance on safeguarding sensitive information.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, with 4+ years of prior relevant experience, or a Master's degree with 2-6 years of prior relevant experience.
• Must possess a Top-Secret clearance.
• Relevant technical certifications, such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or equivalent.
• Deep understanding of information system security principles, theories, and concepts.
• Broad knowledge of related specialty areas, including compliance reporting, data encryption, and risk management.
• Strong skills in security controls, security management, and risk analysis.
• Experience with information system security tools and technologies, such as firewalls and encryption technologies.
• Familiarity with industry standards, laws, corporate policies, and regulatory requirements, including NIST 800-53 and DISA STIG.
• Ability to apply knowledge of security controls and risk management to protect digital information.
• Strong analytical and problem-solving skills to identify and mitigate potential risks.
• Proven experience managing the Authorization to Operate (ATO) process, with a minimum of one successfully completed ATO under their responsibility.

• Advanced degree in Cybersecurity, Computer Science, or a related field, such as a Master's or Ph.D.
• 5+ years of experience in information system security, with a strong emphasis on vulnerability assessment, risk management, and leading incident response efforts to effectively address security incidents and vulnerabilities.
• Relevant advanced technical certifications, such as Certified Information Systems Auditor (CISA), GIAC Security Leadership (GSLC), Certified Information Systems Security Expert (CISSP-ISSAP), or equivalent.
• Experience with leading or participating in security teams, with a focus on developing and implementing comprehensive security strategies.
• Strong skills in advanced security tools and technologies, such as artificial intelligence, machine learning, and cloud security.
• Experience with agile development methodologies and DevSecOps practices, with a focus on integrating security into the software development lifecycle.
• Experience with mentoring and guiding junior security professionals, with a focus on sharing knowledge and expertise to improve team performance.
• Familiarity with emerging threats and technologies, such as advanced persistent threats, ransomware, and cloud security, and ability to apply this knowledge to improve security measures and protect against cyber attacks.