Insider Threat Program Information System Security Officer

Description

The Digital Modernization Sector at Leidos currently has an opening for an Information System Security Officer supporting the HEITS Contract as part of the Department of Homeland Security (DHS) Insider Threat Program (ITP). This is an exciting opportunity to use your experience to support security accreditation and sustainment activities. The ITP mission is to identify insider threats to the department by utilizing advanced analytics, monitoring, and data correlation which in turn help address and eliminate potential threat actors from compromising the DHS mission in safeguarding the homeland.

The selected candidate will be responsible for the following:

• Provide support for security engineering, and the integration and deployment of security technology to support advanced external threat, insider threat, and cyber operations. The contractor shall resolve concerns or issues related to UAM components within 48 hours and the Government's request should be acknowledged within 1 hour during normal business hours.
• Perform weekly, or as directed by the government, vulnerability scans in support of FISMA requirements. For all systems, coordinate with the respective system owner, system administrator or Information System Security Officer (ISSO) to notify them that weekly scanning is to be performed and that the scan results are to be forwarded to the ITP for analysis.
• Support security assessments by working with the respective system owner, system administrator and/or Information System Security Officer (ISSO) to defining the scope, developing a test plan and rules of engagement document, obtaining necessary government approval, analyzing results, preparing a written report with the findings, impacts, and recommendations, and holding out briefings of findings.
• Provide a quarterly status of the scan coverage and identify and report on issues with coverage to the government.
• Perform technical analysis of all scan results and prepare a written report of analysis for the government monthly, as needed, or at the request of the Government.
• Conduct ITP directed vulnerability scans in support of operational matters (non-scheduled).
• Support ITP in the baseline compliance aspect of information systems and applications being accredited or reaccredited through the DHS's certification and accreditation process.
• Review all ongoing Authority to Operate (ATO), Authority to Connect (ATC) and Interim Authorization to Test (IATT); and brief the status in the Weekly Activity Report. The ISSO shall ensure any open ATO's, IATT's, ATC, are documented in the Project Plan and IMS.
• Develop a schedule for the submission of Assessment & Authorization (A&A) packages for assessment. Government technical representatives may delay that time schedule depending on mission requirements.
• Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The contractor shall collaborate with the Government data center staff to include Government generated documentation in UAM system BOE. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.

• Bachelors degree and (12)+ years of prior relevant experience or Masters with (10)+ years of prior relevant experience

• Prior leadership responsibilities

• Excellent written and oral communication skills

• Experienced and adept at developing and maintaining technical documents, analyses, and reports

• Experienced with preparing and presenting briefings to senior customer management, and customer stakeholders

• Active Top Secret government security clearance; Ability to obtain DHS EOD SCI

• Master's degree from an accredited college or university in IT Management, Engineering, or related field

• Proven experience (10+ years) in Information Assurance Management
• Security+ or Similar Certification
• Extensive experience with the Risk Management Framework (RMF)
• Extensive experience with ICD-503
• Extensive experience developing security accreditation packages and achieving Authorities to Operate (ATOs)
• Experience supporting security accreditation activities within the Intelligence Community