STIG ComplianceVulnerability Management SME

Leidos Digital Modernization Sector has a dynamic opportunity for a STIG Compliance/Vulnerability Management Subject Matter Expert (SME) to work on the NOAA contract. The position can be based in either Fairmont WV Boulder CO.

This position is part of the NOAA Cyber Security Center (NCSC) Security Operations Center (SOC) that executes 24x7 cybersecurity monitoring and incident response for NOAA networks. The STIG Compliance/Vulnerability Management Subject Matter Expert (SME) will work on the ISSO team to help manage the Vulnerability Management plan as well as institute a STIG compliance program. Additionally as part of the Information Assurance team develops assessment and validation strategies to ensure compliance. As STIG Compliance/Vulnerability Management SME be capableof understanding a multitude of different technologies including but not limited to Windows (workstations and desktops) Linux Juniper Cisco appliances like iDrac and other applications. Additionally they need to not only be able to use Tenable/ ACAS but also should be familiar with EvaluateSTIG Compliance Viewer and other tools.

As the STIG Compliance/Vulnerability Management SME you will work either independently or as part of a team to achieve critical mission objectives ensuring smooth operations for the customer.

Onsite role in either Fairmont WV or Boulder CO.

What Will You Do

Evaluate security risks on systems

Evaluate STIG compliance

Execute and manage the NCSC Vulnerability Management Plan

Create and maintain compliance scan policies

Maintain a master asset list

Troubleshoot scan issues and coordinate with appropriate team members

Continuously research emerging threats to the environment in order to disseminate the information to all stakeholders immediately assess the known environment for presence of the vulnerability and work with the SOC and SE&O to protect the NOAA environment

Ensure system compliance against federal DOC NOAA policies

Identify & document all noncompliant areas

Support Assessment and Authorization activities

Conduct operate and maintain vulnerability/compliance assessments and the resulting data and reports

Author and maintain SOPs and runbooks

Other duties as assigned

Job Qualifications

Bachelors degree in Information Technology Cybersecurity or related field with 8 or more years of STIG Compliance/Vulnerability Management experience to including implementing and evaluating STIG controls and security baselines; additional years of experience required in lieu of a Bachelors degree.

Significant experience with NIST Cybersecurity Framework and/or risk management within the Intelligence Community.

2 years of project management experience.

Experience being part of a high performing A&A teams and adapting standards to create best practices.

Demonstrate knowledge of ports and protocols

Demonstrate knowledge of DISA STIGs and related tools

Possess the knowledge of security best practices security solutions and methodologies for risk management per NIST Cybersecurity Framework guidelines.

Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.

Familiar with the management operational and technical aspects of IT Security in a complex environment.

Clearance Requirement

An active DoD Top Secret clearance

Original Posting:

For U.S. Positions: While subject to change based on business needs Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.