Principal Information Systems Security Engineer (ISSE)

Description
This role provides information security solutions compliant with the Risk Management Framework (RMF) and ICD 503 Security Accreditation control as part of an Agile team. Responsibilities include collaborating with the customer security organization to ensure RMF processes are followed, policy is translated to operational procedures, proper tools are leveraged in the DevSecOps CI/CD Pipeline, verification that security policy and procedures are enforced, and some work generating body of evidence (BOE) information for security approval processes. This role installs and maintains security scanning tools, performs security scans, reviews scan results, and supports information system security officers (ISSOs). Flexible cross-training to also provide systems engineering, software development, training, security, and testing is also desired.

Primary Responsibilities:
This role is responsible for protecting the organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording and destruction. Duties include managing and enforcing security strategies and policies within established guidelines and assisting in the generation of BOE information.

• Cyber-Security and Compliance & Risk Management.
• Identify and define system security requirements.
• Design computer security architecture and develop detailed cyber security designs.
• Prepare and document standard operating procedures and protocols.
• Configure and troubleshoot security infrastructure devices.
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks in a consultative role.

Basic Qualifications:

• Requires BS degree and 12 or more years of prior relevant experience or Masters with 10 or more years of prior relevant experience. Will consider experience in lieu of a degree.
• 5 years of system engineering or system administration
• Experience coordinating with RMF stakeholders (ISSMs, SCAs, etc.) in testing, documenting, and achieving accreditation of systems throughout the development process, and achieving operational acceptance.
• Conducts vulnerability routine scanning, provides formal and informal reports to IT team and tracks remediation efforts
• Proactively identify security flaws and vulnerabilities.
• Continuously review security bulletins and related news; stay apprised of current threats and trends.
• Track common vulnerabilities and exposures (CVE) based security threats and map to internal controls and remediation plans.
• Audit systems for secure configuration.
• Investigate and respond to cyber security incidents (system and/or network breaches, malware attacks) and implement forensic investigations.
• System & network security monitoring with security information event management tools.
• Participate in data and root cause analysis for each service impacting incident with all possible corrective actions for improvement.
• Performs other duties as assigned.
• At least 2 Certifications: CISSP, Splunk, Network+, Security+, OSCP, Windows, Cisco, CEH, Juniper, RHEL
• Candidate must have an active TS/SCI with polygraph

Preferred Qualifications:

• Experiences with at least one vulnerability scanning tool (AWS Inspector, Rapid 7 Nexpose , AppDetective, WebInspect, OWASP etc.)
• Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST)
• Familiar with SEIM and Cloud Computing Technologies (AWS)
• Experience with Agile Software Development
• Experienced with HBSS, IDS/IPS, VPNs, DISA STIGs
• Experience with RHEL
• Experience with system health tools (App D ynamic s , SolarWinds)
• Knowledge of potential attack vectors such as XSS, injection, hijacking, social engineering
• Splunk end user experience with knowledge of how to create Splunk Dashboards are a plus
• OS patching experience
• Linux command line experience
• Microsoft Windows experience
• Automation experience

CABARESTON
Original Posting Date: 2024-10-02While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: Pay Range $122,200.00 - $220,900.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
About Leidos Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit www.Leidos.com .
Pay and Benefits Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .
Securing Your Data Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other person a l information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected] .
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .
Commitment to Diversity All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.