Senior Information Security Engineer

Leidos is seeking an Information Systems Security Engineer (ISSE) for a technical development program supporting cloud-based applications and its associated cloud infrastructure located on a highly secure network. The ISSE will work with a large team of developers system engineers DevOps engineers database administrators and system architects.

Core business hours for the team are from 9 AM to 3 PM daily exceptions outside of those hours for the candidate may be negotiated in consultation with management.

The typical day for an ISSE supporting the cloud-based applications is as follows:

• The ISSE will participate in the teams regularly scheduled Agile tag up (scrum) meetings and report on the status of their assigned Jira issues
• Attend ad-hoc TEMs with the team to discuss and weigh in on numerous architectural aspects of the systems for assessing security impacts that may arise with system changes
• Assist with and/or lead security scans of the systems and report and analyze findings for impacts
• Review any security findings (CVEs) as noted by outside entities for system impact analysis and how best to proceed with addressing them
• Participate in team TEMs and review future system changes/new features for security impacts

Primary Responsibilities

• Identifying selecting implementing and assessing NIST SP 800-53 security and privacy controls.
• Developing establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines
• Participate in creating secure architectures and designs
• Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
• Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements
• Reviewing creating and maintaining relevant Assessment and Authorization (A&A) artifacts
• Performing security analysis and monitoring of a 100 percent AWS cloud-based system
• Performing vulnerability scanning and analysis of the system
• Perform remediation and develop security implementations based on security findings
• Interface with Information System Security Managers (ISSM) to develop and accredit the system
• Participate in or lead technical exchange meetings document meeting outcomes as needed and brief management

Required Qualifications

• Bachelors degree and 8 years of experience. Additional experience in lieu of degree.
• Active TS/SCI with Polygraph
• Other qualifications:
  • Hands on experience with Linux (CLI)
  • Hands on experience with scripting and programming languages like BASH and Python
  • Solid understanding of experience with networking (e.g. ports routing tables subnets VPNs firewalls routers etc.) to include design integration and troubleshooting issues
  • Experience in working on teams utilizing Agile workflows and processes
  • Strong understanding of NIST SP 800-37 NIST SP 800-53 NIST SP 800-160 DISA/CIS STIGs and Common Vulnerabilities and Exposures (CVEs)
  • Experience with RMF workflow tools
  • Strong communication organizational and writing skills.
  • Must be able to clearly and directly articulate their findings and recommendations.
  • Must be open minded to considering alternative approaches to possible security issues noted by other team members

Desired Qualifications

• Relevant IT certifications (e.g. CISSP AWS Cloud Practitioner AWS Cloud Security AI security etc.)
• Experience working with Infrastructure as Code (IaC) solutions such as Ansible / Terraform or other configuration and automation tools
• Experience in working in a cloud-based environment (AWS)

FIP

If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.