Information Systems Security Engineer - Alexandria, United States - Leidos

    Description


    This Information Systems Security Engineering opportunity will allow you to lead the integration of cyber security architecture & engineering efforts across multiple security domains.

    As the cyber security subject matter expert (SME) you will influence information system design, development, and integration of hardware & software solutions.

    Working with other team members, the ISSE utilizes the Risk Management Framework (RMF) and the systems development life cycle (SDLC) to ensure all aspects of cyber security are incorporated into the system design and implementation.

    Primary Responsibilities


    • Support program managers as the Subject Matter Expert (SME) in Information Assurance & Cybersecurity
    • Establish policies & procedures that implement the System Development Life Cycle (SDLC) and Risk Management Framework (RMF) best practices
    • Serve as the primary liaison with the customer's cyber security representative for all cyber security / information assurance tasks
    • Lead efforts to establish connectivity to government enclaves (SIPRNet, JWICS, standalone, Special Access Required (SAR)-level networks, etc.)
    • Lead all aspects of the Risk Management Framework (RMF) process through Authority to Operate and Continuous Monitoring
    • Manage the establishment of contractor-owned information systems that are approved for classified processing (all aspects to obtain Authority to Operate (ATO))
    • Work with physical security staff to ensure facility authorizations are in compliance with classified processing requirements
    • Assist in the implementation and configuration of security controls, technologies, and infrastructure components.
    • Prepare and review security documentation such as System Security Plans (SSPs) and Security Assessment Reports (SARs)
    • Perform security testing and evaluation activities such as vulnerability assessments, penetration testing, and security control assessments.
    • Conduct assessments to ensure compliance with established policies and guidelines.
    • Contribute to the design of information systems to ensure their compliance with security protocols.
    • Collaborate with Information System Security Manager (ISSM), Security, Program Management, and the Government Customer(s) on all the above.
    Basic Qualifications

    • Solid understanding of the Risk Management Framework (RMF) and the System Development Life Cycle (SDLC)
    • Detailed knowledge of the assessment & authorization (A&A) process
    • Experience with ICD-705
    • Experience with 32 CFR part 117 (NISPOM)
    • Understanding of hardware and software engineering best practices
    • Current DoDM 8570 IAT III Certification is required.
    • Must have an active TS/SCI
    • Bachelor's degree in a relevant discipline (e.g. Computer Science, Information Assurance, Information Security System Engineering) and 8-12 years relevant experience
    Preferred Qualifications


    • CISSP-ISSEP Certification
    • Certified Cloud Security Professional (CCSP) or equivalent cloud computing certification
    • Previous experience working on Special Access Programs (SAPs)

    Pay Range:
    Pay Range $97, $150, $202,500.00


    The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary.

    Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.