The Digital Modernization Sector at Leidos currently has an opening for a Security Engineer to work in our Lorton, VA office. This is an exciting opportunity to use your experience helping the Homeland Enterprise Information Technology Secure Services & Support (HEITS) Program. Under this contract, we support the Department of Homeland Security in delivering cybersecurity and information assurance services.
Primary Responsibilities
The Security Engineer (Linux / Tenable Compliance) is responsible for securing and hardening enterprise Linux servers, managing Tenable vulnerability scanning platforms, and driving compliance across on-prem and cloud environments. This role sits at the intersection of operations and governance: building and maintaining secure baselines, tuning Tenable scans, interpreting results, and partnering with engineering teams to remediate findings in line with organizational policies and regulatory requirements.
The ideal candidate has strong hands-on Linux (RHEL/Ubuntu) experience, deep familiarity with / Nessus, and a proven track record of supporting compliance frameworks (e.g. NIST, DISA STIGs, CIS benchmarks).
Implement and maintain secure network architectures (e.g. segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.
Administer and harden Linux servers (e.g. RHEL, Rocky, Ubuntu), including OS configuration, patching, and security baseline enforcement.
Install, configure, and maintain Tenable platforms (Nessus, Nessus Agents, connectors) to support continuous vulnerability scanning.
Develop and maintain scanning policies, schedules, and dashboards to provide accurate visibility into security posture.
Analyze Tenable scan results; validate true positives vs. false positives and work with system and application owners to drive timely remediation.
Map vulnerabilities and configuration findings to relevant compliance requirements (e.g. NIST 800-53, DISA STIGs, CIS benchmarks, organizational policies).
Support the creation and maintenance of secure configuration baselines and hardening guides for Linux servers and related middleware.
Generate compliance and vulnerability reports for leadership, auditors, and governance teams; track remediation progress and aging.
Collaborate with infrastructure, DevOps, and application teams to integrate security and compliance into change management, patch cycles, and deployment pipelines.
Participate in security incident response activities related to Linux hosts, including log review, containment, and forensic support.
Contribute to SOPs, playbooks, and runbooks for vulnerability management, patching, and compliance monitoring.
Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.
Basic Qualifications
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field and 8 years' experience; or additional equivalent experience may be considered in lieu of a degree.
5–8 years of hands-on experience administering and securing Linux systems in an enterprise environment.
Active TS/CI government security clearance
Direct experience with and/or Nessus for vulnerability management (configuration, policy creation, agent management, reporting).
Solid understanding of the vulnerability management lifecycle: discovery, assessment, prioritization, remediation, and verification.
Experience implementing or supporting security/compliance frameworks such as NIST 800-53, DISA STIGs, CIS benchmarks, or similar.
Strong skills in Linux CLI, shell scripting, and basic automation (e.g. Bash, Python, Ansible) to support configuration and remediation.
Familiarity with log management and SIEM solutions and how they integrate with Linux hosts.
Ability to interpret technical vulnerabilities (CVEs, CVSS) and clearly communicate risk and remediation options to technical and non-technical stakeholders.
Excellent documentation skills, including the ability to produce clear procedures, diagrams, and reports.
Preferred Qualifications
Experience with configuration management tools (e.g. Ansible, Puppet, Chef, Salt) to enforce secure baselines at scale.
Experience working in regulated or audit-heavy environments (e.g. FISMA, FedRAMP, PCI-DSS, HIPAA, SOX).
Familiarity with Windows server hardening and cross-platform vulnerability management.
Experience integrating Tenable with ticketing/ITSM tools for automated ticket creation and tracking.
Certifications such as Linux+, RHCSA/RHCE, Security+, CySA+, Tenable-certified, CISSP, or similar.
Experience in federal / DoD / IC / state & local government or other large enterprise environments.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 and moving faster than anyone else dares.
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Leidos is an innovation company rapidly addressing the world's most vexing challenges in national security and health. Our 47,000 employees collaborate to create smarter technology solutions for customers in these critical markets.