- Executes Information Assurance and Risk Management Framework processes and performs duties as ISSO for C5ISR CSSP authorization boundary subscribers
- Supports monitoring of all available resources that provide warnings of system vulnerabilities or ongoing attacks
- Communicates with internal and client project team members. Works to implement solution designs and/or processes in hardware, software, data and procedures.
- Coordinates with personnel on system security compliance and Information System Authority to Operate.
- Executes Configuration management policies and procedures for authorizing the use of hardware/software
- Supports Information Security Reviews, Security Inspections, and Tests
- Assists with assessment of system security threats/risks
- Supports validation of system security requirements definitions and analysis
- Assists with assessment and authorization process as needed
- Supports the tracking and validation of security incidents and may be required to investigate, document, report, and provide future protective and corrective measures in response to such incidents
- Supports Leadership Briefings on system security compliance and Information System Authority to Operate (ATO) compliance, expiration and actions
- Supports implementation of the Risk Management Framework (RMF) methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission
- Reviews evidence and artifacts provided by the ISSE for determination of the RMF controls’ compliance
- Creates documentation (e.g., plans and policies) to satisfy the compliance of RMF controls
- Populates and maintains RMF database (eMASS) with bodies of evidence to support system authorization actions, and verbiage to answer controls and their control correlation identifiers (CCIs)
- Collaborates with the Program Managers, Government Information Assurance Program Managers, ISSMs, engineers and configuration managers to maintain an effective risk assessment process.
- Ensures data stewardship (confidentiality, integrity, and availability) is established for each IS, and specific requirements are enforced
- Is attentive to any security advisories and alerts from DoD, USCYBERCOM, and other authoritative sources and ensures the system complies with them
- Monitors system authorization boundary’s logs for any unauthorized actions and remains cognizant of alerts/notifications to ISSM/ISSO
- BS & 8-12 years of prior relevant exp in Information Security; or Masters with 6-10 years of prior relevant exp in Information Security; Additional experience may be considered in lieu of a degree.
- 10 + years of experience within the information technology job field.
- Must possess a current DoD Top Secret/SCI clearance single-scope background investigation. TS with current SCI eligibility accepted.
- Knowledge of RMF process, eMASS workflow tools
- Knowledge of DoD policies and procedures relating to information technology
- Experience working with cloud computing and infrastructure (AWS, Azure, etc.)
- Maintains currency of required DoD/USARMY trainings
- Per DoD Approved 8570 Baseline Certifications, obtains and/or maintains required Cyber Security Service Provider (CSSP) Auditor certification AND IAM Level II certification
- Bachelor’s degree in a STEM discipline (Computer Science, Engineering, Mathematics, etc.)
- AWS Security Engineering Course
- ISC2 Certified Information Systems Security Professional Course
- ISC2 Certified Cloud Security Professional Course
- Experience working with Jira and Confluence
- Experience with USARMY systems/tools/implementations
Pay Range $97,500.00 - $150,000.00 - $202,500.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.