
Information Systems Security Officer

AT Leidos

Newport News, VA

Description

The National Security Sector of Leidos has a current job opportunity for an Information System Security Officer in Newport News, VA, or Lexington, MA. The successful candidate will work collaboratively with an outstanding team of software developers and engineers to continue to produce and field software on behalf of the US Air Force. Position requires US citizenship and current DoD Secret Security Clearance.

The ISSO will provide "cradle-to-grave" Information Assurance support for a dynamic US Air Force Command and Control program, including discovery, SSP preparation & maintenance, continual C&A, and security sustainment. The successful candidate will bring in-depth experience and technical knowledge of security engineering and network security to participate in and/or lead security-related projects and provide mentoring and guidance to other security analysts and teammates.

Primary Responsibilities

  • Conducting research, developing, implementing, testing, and reviewing a software application's information security IAW DoD/NIST RMF requirements to protect information and prevent unauthorized access. In this role, the candidate will direct the team about security measures, explain potential threats, implement security measures, and monitor applications to meet or exceed all DoD/NIST RMF requirements, resulting in faster and more accurate software releases.
  • Hardening newly introduced software components using tools such as Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), and Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations
  • Maintaining and updating existing ATO documentation, including the System Security Plan (SSP), Service-Level Agreement (SLA), Incident Response Plan (IRP), Patch Management Plan, Ports, Protocols, and Services (PPS) document, and Security Controls Traceability Matrix (SCTM)
  • Maintaining a STIG matrix and completed STIG checklists for each platform product
  • Authoring and reviewing IS security-related documentation and submitting it to the Enterprise Mission Assurance Support Service (eMASS)
  • Analyzing results of continuous security scans (from Fortify, SonarQube, ACAS, OWASP, etc.) to add exclusions for false findings and coordinate issues for remediation by the software development team
  • Running application vulnerability scans that meet mitigation requirements; continually maintain related tracking documentation in government accessible websites (e.g., Naval LIFT, eMASS)
  • Working closely with chief engineer to establish a system security engineering (SSE) process to plan, organize, and manage program efforts to achieve maximum security and survivability of the system
  • Working closely with government Cyber Security leads and government Information System Security Manager (ISSM) to support Interim Authorization to Operate (IATO), Authorization to Operate (ATO), No Security Impact (NSI), and Security Impact Analysis (SIA) certifications that will be required for releases of the developed program across unclassified and classified enclaves
  • Supporting development and maintenance of a system-specific Plan of Action and Milestone (POA&M)
  • Applying the requirements of the NIST 800-53 RMF Framework and understanding the differences between NIST 800-53 revision 4 and revision 5

Basic Qualifications

  • Bachelor's degree in Information Security, Information Systems, Cybersecurity, Information Technology, or a related discipline; 8-12 years of additional experience may be substituted in lieu of a degree.
  • Active and current Secret clearance
  • Ability to create metrics, documentation, presentations, and procedures and communicate results effectively
  • Knowledge of Continuous Monitoring
  • Experience in scanning and interpreting scan results
  • Technical writing skills
  • Position requires either Security+ or Certified Information Systems Security Professional (CISSP) certification. If no CISSP, candidate must obtain CISSP certification within 6 months of hire date.

Preferred Qualifications

  • Strong technical skills in a variety of the following areas: networking, Cisco, Windows OS platforms, database design/admin.
  • Prior experience working with government ISSMs, SCAs (and SCA representatives), and AOs
  • Vulnerability assessment and analysis experience utilizing SCAP, Nessus, and DISA STIGs
  • Experience managing projects within the Atlassian suite of tools (Confluence, JIRA, Bitbucket)
  • Experience working with a geographically distributed team

Original Posting Date:

2025-01-08
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$104,650.00 - $189,175.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Client-provided location(s): Newport News, VA, USA
Job ID: Leidos-R-00150939
Employment Type: Full Time

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Health Reimbursement Account
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • HSA
    • Pet Insurance
    • Mental Health Benefits
  • Parental Benefits

    • Birth Parent or Maternity Leave
    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K) With Company Matching
    • Stock Purchase Program
    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
    • Profit Sharing
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Access to Online Courses
    • Lunch and Learns
    • Internship Program
    • Leadership Training Program