Cyber Security Engineering Lead


Job Description:

The Defense Group of Leidos has an opening for a Cyber Security Engineering & Operations (CSEO) Lead for the Air Force and Defense Agencies (AFDA) division. The AFDA division is responsible for performance of enterprise IT programs for Air Force and DoD Fourth Estate agencies, including development and execution of the new business pipeline. The CSEO Lead is a direct billable position responsible for overall technical performance for sustainment, support and digital transformation for an enterprise-wide IT infrastructure for a new customer. This position will support the full lifecycle contract, including supporting the bid and proposal, program startup and transition, and ongoing execution. The work will be performed primarily onsite at the customer location in the Northern Virginia / National Capital Region.

Primary Responsibilities

This role will provide leadership, technical direction and guidance to a cybersecurity engineering team to develop, implement, maintain, and update the cybersecurity control baseline for enterprise IT systems and applications in accordance with NIST, CNSSI, and DoD instructions and guidelines. In addition, the lead will support the program security architects in the development of security controls, mentor others in technical security concepts and ensure secure cloud practices are followed. The position plays a meaningful role in maintaining the controls that enable the customer organization to operate effectively, cost efficiently, and within compliance standards. The lead will also assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks, and will develop positive partnerships and work closely with other members of the customer and Leidos Information Security and Legal Compliance organizations in a coordinated and focused manner. The Cyber Security Engineering Lead will be part of a fast-paced, high-functioning team performing critical work for an important customer organization.

  • Oversee the strategy, planning and execution of cybersecurity engineering across the enterprise IT environment, consisting of multiple application development and infrastructure DevSecOps teams;
  • Participate with the client in the strategic design process to translate security and business requirements into technical designs;
  • Provide Cybersecurity Enterprise Architecture (CEA) support to implement controls to support compliance for the designated system categorizations;
  • Supervise cyber security engineers who are embedded in DevSecOps teams to apply systems cyber security engineering assurance baselined on DISA IA Support Environment (IASE) guidance and security best practices as well as commercial security best practices;
  • Support the Vulnerability and Threat Management (VTM) continuous monitoring strategy, tactics, techniques, and procedures (TTPs), and processes for continuous monitoring and management of known and emerging vulnerabilities and threats;
  • Manage and execute the NIST RMF and DoD cyber security policies in accordance with the responsible AO's cybersecurity assessment and authorization (A&A) program implementation;
  • Integrate cyber security engineering expertise into agile development and test processes via technical and change control review, as described in the applicable project management, systems engineer, software development and configuration management plans, processes, and procedures;
  • Plan, monitor, and execute RMF and cyber security-related tasks and activities daily, coordinating with the agile engineering and project milestones to ensure proactive and early insertion of the cyber security requirements;
  • Coordinate support to enter, monitor, track, and update the status of operational baseline issues via the POA&M record through to resolution;
  • Team responsibilities encompass maintaining computer and information security incident, damage and threat assessment programs;
  • Monitor information systems for security incidents and vulnerabilities, including developing monitoring and visibility capabilities and reporting on incidents, vulnerabilities and trends;
  • Respond to information system security incidents, including the investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches;
  • Support investigation of computer and information security incidents to determine extent of compromise to information and automated information systems;
  • Assist with computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, network assessments, researching and maintaining proficiency in tools, techniques, countermeasures, trends in computer network vulnerabilities, data hiding, and network security and encryption;
  • Design, develop, or provide recommendations for integrated system solutions, ensuring proprietary/confidential data and systems are protected;
  • Configure and validate secure systems, and test security products/systems to detect computer and information security weaknesses;
  • Support cloud certification activities, system hardening, vulnerability testing, and scanning;
  • Craft IT security architectural artifacts, provide architectural analysis of the security features and relate the existing system to future customer requirements;
  • Continuously evaluate the organization's existing application security practices, help to define, standardize, and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the customer organization.

Basic Qualifications
  • Bachelor's Degree with 8+ years of prior relevant experience or Master's Degree with 6+ years of prior relevant experience
  • Must have an active Top Secret security clearance with the ability to obtain and maintain a TS/SCI security clearance
  • Must have a minimum of twelve (12) years of relevant and progressively responsible experience leading teams and managing NIST RMF and DoD cyber security policies in accordance with program cybersecurity assessment and authorization (A&A) implementation
  • Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing, such as NIST SP 800-53 and FedRAMP
  • Four (4) years of experience with network security
  • Two (2) years of AWS experience
  • Bachelor's Degree in Computer Science, Information Systems, Cyber Security, Intelligence Analysis or related field, or equivalent experience
  • Possesses an active CISSP (ISC2 Certified Information Systems Security Professional) or Certified Information Security Manager (CISM) certification
  • Experience in patch management and vulnerability scanning in AWS
  • Operational knowledge of CI/CD pipelines and Git
  • Problem-solving skills to resolve issues effectively and creatively while maintaining a high level of flexibility, professionalism and integrity
  • Ability to work well with people from many different disciplines with varying degrees of technical experience
  • Excellent verbal and written communication skills
  • Ability to multi-task and work in a dynamic, fast-paced environment
  • Demonstrated ability to participate in cross-functional planning, coordination, and task execution

Preferred Qualifications
  • Possesses an active Certified Ethical Hacker (CEH) certification.
  • Minimum of five years of experience (at least three years of experience in the past five years) managing an incident response team in a DoD environment.
  • Minimum of five years of experience (at least three years of relevant experience in the past five years) as a technician using DoD enterprise cyber tools such as ACAS, HBSS, SIEM, firewalls, and Network Access Control (NAC).
  • Experience supporting defensive cyber operations at the DoD Joint level, such as working for USCYBERCOM, JFHQ-DODIN, NSA/Central Security Service (CSS), National Mission Force, or a Service Cyber Protection Team (CPT).
  • Experience as an expert technician using any of the following CND tools: SIEM, Intrusion Detection System (IDS), PowerShell, Kali Linux, Burp Suite, Metasploit, and Meterpreter.
  • Experience as an expert in any of the following CND tactics and techniques: malware analysis, network exploitation, packet analysis, Snort signature development, and red team and hunt team.

Clearance Level Required: Top Secret

Potential for Telework: Yes, 10% of the time

Job Family: Information Assurance