Junior Security Control Assessor

Job Description:

Leidos is seeking a Jr. Security Control Assessor (SCA) that is responsible for planning executing and documenting security control assessments in accordance with NIST SP 800-53 Revision 5 NIST SP 800-53A Rev. 5 and applicable federal security assessment methodologies. The SCA evaluates the effectiveness of implemented security controls across systems environments and organizations to determine compliance residual risk and readiness for Authorization to Operate (ATO).

If this sounds like a mission you want to be a part of keep reading!

TEAM CULTURE

Your passion and values might be a good fit for our teams if you answer yes to the following questions:

• Are you looking for a company that puts employees first with a focus on career flexibility and well-being
• Do you enjoy collaborating with colleagues and teammates and believe that the best ideas are fostered in an inclusive environment
• Are you searching for a team with a strong sense of ownership urgency and drive for daily mission success
• Are you comfortable with proactive outward communication and technical leadership
• Do you enjoy being a catalyst solving complex problems and providing innovative solutions
• Do you have the flexibility creativity and resilience to pivot the mission for success
• Do you have the courage to make tough ethical decisions with pride transparency and respect

MENTORSHIP & CAREER GROWTH

Our teams are dedicated to supporting new team members in an environment that celebrates knowledge sharing and mentorship. Experienced team members will be assigned to new hires for one-on-one mentoring collaborative reviews and coaching on customer engagement to help each new hire successfully onboard and demonstrate their skills. Projects and tasks are assigned in a way that leverages your strengths and will help you further develop your skillset.

DAY TO DAY RESPONSIBILITIES

Every position we take is more rewarding when you know the why behind your work makes a difference to support those who need it most. If your passion is enabling life changing service to those around you this is the place for you. Find you passion in a team environment where all members are valued regardless of contractor or employee status. Find your Why with us and take your place in our Leidos Family!!

Key Responsibilities

• Develop and execute Security Assessment Plans (SAPs)aligned with NIST 800-53A Rev. 5 assessment procedures.
• Conduct independent security control assessments (SCAs)to validate that implemented controls meet applicable federal and agency security requirements.
• Perform evidence reviews interviews and technical testing(e.g. configuration validation vulnerability scans policy reviews).
• Document findings weaknesses and residual risks in Security Assessment Reports (SARs)and provide recommendations for remediation.
• Assess the implementation and effectiveness of security controls across all NIST control families including Access Control (AC) Audit and Accountability (AU) Configuration Management (CM) Incident Response (IR) Risk Assessment (RA) and System & Communications Protection (SC).
• Collaborate with Information System Owners (ISOs) Information System Security Officers (ISSOs) and Authorizing Officials (AOs)to clarify assessment results and risk posture.
• Map findings to Risk Management Framework (RMF)steps 4 and 5 supporting authorization decisions.
• Participate in Continuous Monitoring (ConMon)and annual assessmentactivities for ongoing authorization.
• Ensure assessment procedures are consistent with NIST FedRAMP and agency-specific security requirements.
• Maintain up-to-date understanding of changes in NIST guidance FISMA and Zero Trust Architecture (ZTA) frameworksthat impact assessment criteria.

Required Qualifications

• Bachelors degree in Computer Science Information Assurance Cybersecurity or a related field (or equivalent experience).
• 2 years of experience performing security control assessmentsunder NIST RMF or FedRAMP.
• In-depth knowledge of NIST SP 800-53 Rev. 5 NIST SP 800-53A Rev. 5 and NIST SP 800-37 Rev. 2.
• Experience using security assessment toolssuch as Nessus Splunk ACAS OpenVAS or equivalent.
• Familiarity with vulnerability management configuration baselines and system security documentation (SSP POA&M SAR).
• Strong analytical documentation and reporting skills.
• Ability to communicate technical findings clearly to both technical and non-technical audiences.
• Must be willing to work on site in Baltimore MD 5 days per week
• Must be able to obtain and maintain a Public Trust. Contract requirement.

Preferred Qualifications

• Certifications such as CISSP CISA CAP CEH or Security.
• Experience performing assessments in FedRAMP DoD RMF or DHS CDMenvironments.
• Knowledge of Zero Trust principlesand their alignment with NIST SP 800-207.

*** Selected candidate must be willing to work on-site in Woodlawn MD 5 days a week.

At Leidos we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers success. We empower our teams and contribute to our communities. Everything we do is built on a commitment to do the right thing for our customers our people and our community. Our Mission Vision and Values guide the way we do business. Every position we take is more rewarding when you know the why behind your work makes a difference to support those who need it most. If your passion is enabling life changing service to those around you this is the place for you. Find your passion in a team environment where all members are valued regardless of contractor or employee status. We are excited for you to take your place in our Leidos Family.

Were not looking for perfectly polished resumes or perfect fits. Were looking for people who break limits ask hard questions and dont wait to be told whats next. At Leidos were not following the roadmap were redrawing it.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.