Senior High-Value Asset (HVA) Assessor

Job Description

The mission of the DHS Chief Information Security Officer Directorate (DHS CISOD) is to support the Departments implementation of all applicable regulatory requirementsincluding the Federal Information Security Modernization Act (FISMA) relevant OMB circulars Executive Orders Federal laws directives policies and regulationswhile providing the Department of Homeland Security (DHS) a secure and trusted computing environment. Information security is an essential business function critical to enabling DHS to conduct its operations and deliver service to the public.

Leidos is seeking an experienced Senior High-Value Asset (HVA) Assessor to join our team on a highly visible and strategic Cybersecurity Assessments contract. The assessor will lead and execute comprehensive HVA assessments in strict alignment with CISA Assessment Evaluation and Standardization (AES) guidelines and the DHS HVA Program Management Office (PMO).

Primary Responsibilities

• Lead end-to-end execution of Non-Tier 1 HVA assessmentsincluding planning onsite/remote execution and close-outensuring compliance with CISA AES methodology.

• Serve as Assessment Lead or Technical Lead; coordinate assessment teams (operators SMEs) and assign roles to meet project objectives and deadlines.

• Maintain personal AES-HVA Assessor certification by passing the required multiple-choice examination and report-writing evaluation and by participating in at least one assessment per year; ensure team members do the same.

• Develop and deliver detailed assessment reports within 30 days of out-brief clearly articulating findings risk impacts and prioritized recommendations.

• Create refine and publish Standard Operating Procedures (SOPs) best practices templates and training materials; maintain these in corporate and DHS knowledge repositories.

• Produce and update an enterprise-wide HVA assessment schedule; track staff qualifications and monthly assessment metrics for reporting to the DHS HVA PMO.

• Coordinate with stakeholders to gather pre-assessment artifacts provide advance preparation guidance and manage logistics for assessment engagements.

• Manage an electronic repository on the DHS network for all HVA artifacts ensuring secure storage version control and ease of retrieval.

• Mentor and train newly onboarded assessors on AES methodology CISA tools and DHS operating environments.

• Support continuous improvement by recommending updates to HVA evaluation methods categorization processes and tool configurations.

Basic Qualifications

• Education / Experience

  • Bachelors degree in Computer Science Cybersecurity Information Systems Engineering or a related field and 8 years of hands-on information-security or cybersecurity-assessment experience OR

  • Masters degree in a related field and 6 years of relevant experience.

• Active AES-HVA certification (or ability to obtain within 90 days) and demonstrated success in both the multiple-choice and report-writing components.

• Experience leading or co-leading HVA security control assessments or similar security assessments in large Federal or enterprise environments.

• Deep knowledge of NIST SP 800-53 SP 800-60 CSF and other Federal cybersecurity guidance; familiarity with FISMA reporting requirements.

• Strong analytical skills for identifying vulnerabilities correlating technical data and prioritizing remediation actions.

• Proven ability to write clear technically sound reports and deliver executive-level briefings.

• Ability to obtain and maintain a DHS Suitability/Public Trust Clearance/EOD

Preferred Qualifications

• Prior DHS or other Federal agency cybersecurity-assessment experience.

• Industry certifications such as CISSP CISM CISA GIAC (GXPN/GWAPT/GSEC) or CompTIA Security.

• Working knowledge of common enterprise operating systems (Windows Linux z/OS) networking protocols and security-monitoring tools (e.g. Splunk Nessus Qualys).

• Experience developing SOPs training curricula or knowledge-management repositories for cybersecurity programs.

• Demonstrated success managing geographically dispersed assessment teams and multiple concurrent engagements.

Come break things (in a good way). Then build them smarter.

Were the tech company everyone calls when things get weird. We dont wear capes (theyre a safety hazard) but we do solve high-stakes problems with code caffeine and a healthy disregard for how its always been done.

Original Posting:

For U.S. Positions: While subject to change based on business needs Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.