Information System Security Officer

Description

Leidos has an immediate opportunity for an Information Assurance Security Officer/Information System Security Officer in Chantilly, VA. This position requires a candidate with an active Top Secret clearance and the willingness and ability to successfully obtain an SCI and polygraph, if required.

The Information Assurance Security Officer (IASO) provides direct and indirect security engineering support to the execution of the customer's Information Assurance (IA) Certification and Accreditation (C&A)/Assessment and Authorization (A&A) mission.

The IASE will be responsible for:

• Manage, monitor, and report on installation, configuration, testing, and administration of systems and capabilities to support the automated scanning, monitoring in support of C&A/A& and ICD-503, NIST 800-53 security controls mappings, reporting of FISMA and reporting of Information Assurance Vulnerability Alerts (IAVA)/Intelligence Community Vulnerability Alerts (ICVA).
• Manage, monitor, and report on integrating and testing features and functions within the A&A Management solution. This includes, but may not be limited to, DoD 8500.2, and NIST 800-53 Security Controls mappings; implementing updates business processes, workflow, and templates; and direct support to the government customer
• Manage, monitor, and report on performing security assessments; design reviews; and providing guidance on new technologies for the program. New technologies may include, but are not limited to, Cloud technologies, Hardware, Operating System, Web technologies; and Databases
• Handle information system Assessment and Authorizations (A&A) as well as Continuous Monitoring (ConMon) tasks.
• Prepare and maintain information systems Accreditation and Authorization (A&A) packages (BoE - Test Plan, SSP)
• Collaborate with cross-functional team to implement security controls and measures and provide technical guidance to team members on security-related issues.
• Conduct Configuration Management (CM) tasks to ensure all associated hardware, software, and security relevant functions are maintained and documented.
• Review system vulnerability scans, verify implementation of DISA STIG's, and report any outstanding security relevant risks to the program for mitigation.

• B.S. in Computer Science, IT or applicable engineering or science field
• Twelve + years of prior relevant of related experience

• Active TS/SCI w polygraph is required.

• Experience with the Risk Management Framework (RMF) and ICD 503 Security Accreditation processes.
• Experience in development of technical documentation to include artifacts required to support Assessment & Authorization (A&A) under the Risk Management Framework
• Candidate must demonstrate experience interpreting and applying government security regulations such as NIST, ICD and FISMA.

• Show knowledge of risk management, and information system security principles.
• Experience with security configurations across multiple operating systems in various environments, to include Windows, Linux, utilizing Active Directory/Group Policy.
• Candidate must be highly organized and self-motivated with excellent documentation skills and the ability to work with minimal supervision. Candidate should be able to communicate effectively with customers and team members at all levels.
• Ability to work independently within a schedule and with little direction.

• Experienced with various security tools and processes such as Tenable SC, Nessus, Fortify, Xacta, Trellix, Elastic (Kibana)
• Experience with Cloud Computing Technologies/Amazon Web Services (AWS)
• STIG compliance and POA&M and vulnerability management
• Knowledge of the complex environment involving shared IC networks and multiple security enclaves
• Knowledge of CMDB and Service+