Information System Security Officer

Description

The Leidos Intelligence Group has a career opportunity in Columbia, MD. for an Information Systems Security Officer (ISSO)

Primary Responsibilities

List daily duties and/or specific job responsibilities.

• Provides support for a program, organization, system, or enclave’s information assurance program.

• Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

• Self-Starter, capable of working independently with little or no supervision.

• Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.

• Assists with the management of security aspects of the information system and performs day-to-day security operations of the system.

• Evaluates security solutions to ensure they meet security requirements for processing classified information.

• Performs vulnerability/risk assessment analysis to support certification and accreditation.

• Provides configuration management (CM) for information system security software, hardware, and firmware.

• Manages changes to system and assesses the security impact of those changes.

• Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Assessment and Authorization (A&A) packages.

• Supports security authorization activities in compliance with Risk Management Framework (RMF).

• Other duties as assigned.

Basic Qualifications

List the “must have” MINIMUM requirements to be considered for the position and ensure minimum quals fall within the minimum Leidos job code requirements. Example: Bachelors’ Degree with 6 years’ of applicable experience or 4 additional years’ of experience in lieu of degree. Must be able to obtain and maintain a TS/SCI Clearance. Must have 2+ years JAVA experience.

• Bachelor’s degree in information security, Information Systems, Cybersecurity, Information Technology/Network Administration or related discipline, or 8 – 12 years or direct work experience may be substituted in lieu of degree.

• Possess a current DoD 8570.01 compliant certification for IAM Level I, or the ability to obtain within 6 months of employment.

• Understanding of the Risk Management Framework (RMF), National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber security requirements and guidance, cyber security related risk management techniques.

• Familiarity with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management.

• Working knowledge with Microsoft Windows operating systems (workstation & server), Linux, and system virtualization (multiple hypervisors) in a secure network environment.

• Experience with compliance scanning tools and vulnerability scanning tools (e.g., Tenable).

• Must be able to work in a constantly changing regulatory environment with short-, mid- and long-term timelines for remediating any non-compliance.

• Must be able to work well within a team environment and able to adapt quickly to change.

• Excellent verbal and written communication skills.

• Past or current ISSM/ISSO experience.

• Extensive experience working with external audit teams.

• Possess good social skills and the ability to communicate effectively with all levels of employees.

Preferred Qualifications

List additional skills and experience that is “nice to have” but not required.

• Must Have an Active Current Top Secret clearance with SCI w/poly

• Experience conducting security audits of information systems.

• Extensive training or experience with Windows-based Information Systems with a working knowledge of LINUX operating systems.

• Current DoD 8570 compliance with IAT Level I or higher (e.g., Security+, CASP, CISM or CISSP).

• Vulnerability assessment and analysis experience utilizing SCAP, ACAS/NESSUS and DISA STIGs

• Experience with DoD implementation of the Risk Management Framework (RMF) and governing directives (NIST, CNSS, DSS, etc.)

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.