Position: Information Systems Security Engineer (ISSE) Level III
Location: Columbia MD US
At Leidos, we take responsibility for improving the quality of life of our employees, their families and the communities in which we live and work. Our commitment extends beyond the contributions we make to solve Mission-Critical Problems; it directly impacts the people involved.
As an ISSE III you will join a small team providing Information Assurance (IA) Architecture Analysis and Security Engineering Support for the implementation and fielding of the National Leadership Command Capability in support of Nuclear Command, Control, and Communications (NC3), Continuity of Government (COG), and Senior Leader communications. The ISSE III will perform in a consultant like role providing technical knowledge, expertise and advice to our customer. This position is on a newly awarded Leidos sole sourced prime contract with funding for the next five years!
The ISSE shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established IA standards and regulations and recommended mitigation strategies. This includes:
- Validates and verifies system security requirements definitions and analysis and establishes system security design
- Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing and enclave environment to include those with multiple enclaves and with differing data protection/classification requirements
- Builds IA into systems deployed to operation environments
- Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions
- Supports the building of security architectures
- Enforces the design and implementation of trusted relations among external systems and architecture
- Assesses and mitigates system security threats/risk throughout the program life cycle
- Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations
- Reviews C&A documentation, providing feedback on completeness and compliance of its content
- Applies system security engineering expertise in one or more of the following:
- System security design process
- Engineering life cycle
- Information domain
- Cross domain solutions
- COTS and GOTS cryptography
- Identification, authentication and authorization
- Systems integration
- Risk management
- Intrusion detection
- Contingency planning
- Incident handling
- Configuration control
- Change management
- C&A process
- Principles of IA (confidentiality, integrity, non-repudiation, availability, and access control)
- Security testing.
Support security authorization activities in compliance with DoD Information System Certification and Accreditation Processes and DoD Information Assurance Certification and Accreditation Process (DIACAP) process, the NIST Risk Management Framework (RMF) process, and prescribed DoD business process for security engineering.
Minimum Qualifications :
- Bachelor of Science degree from an accredited university in Computer Science, Information Assurance, Information Security System Engineering or related field with a minimum of 20 years of experience as an Information Systems Security Engineer (ISSE) on programs and/or contracts with the Federal Government. A Masters Degree in Computer Science, Information Assurance, Information Security System Engineering or related field reduces the experience requirement to 18 years.
- CISSP-ISSEP DoD approved 8570 baseline certification.
Additionally, the candidate must also possess the following knowledge, skills and abilities:
- Expertise in network technology and systems security engineering.
- Experience in identifying, researching, characterizing, and documenting security weaknesses related to operating systems, software applications, firmware, network hardware components, as well as network architecture design and documented policies and procedures.
- Experience developing and documenting system security requirements and conducting requirements gap analysis.
- Knowledge of, and practical experience with the NIST Special Publications 800 Series, CNSSI 1253, and DoD 8500.
- Experience with network technologies and the ability to demonstrate knowledge of network protocols, communications systems and architectures.
- Should have significant hands on experience implementing security and/or network components, i.e. routers, firewalls, IPS, IDS, etc.
- Ability to work independently within a schedule and with little direction.
- Strong writing skills.
- Confidence and ability to present briefing to senior level DoD officials in both prepared briefings and/or in ad hoc discussions.
- Experience and understanding of active cyber defense techniques, products and architectures
- Experience or knowledge of cross domain device implementation
- Experience with virtual desktop environments
- Experience or knowledge of the Nuclear Command & Control (NC2) community
- Working knowledge of MS Visio to include development of detailed network diagrams
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin’s Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos is an Equal Opportunity Employer.