SCA-R Validator

Description

Leidos is seeking multiple SCA-R Validators to assess programs' security posture and develop reports and recommendations for improvement. These positions can be based out of any of our three locations - Alexandria, VA, Fort Meade, MD, or Chambersburg, PA. These positions are primarily on-site, but partial telework may be available at the discretion of our customer and program management. Some travel may be required.

Responsibilities:

• Use government-assigned tools to perform weekly updates, maintain records, and complete tasks.
• Coordinate with ISSMs and PMOs to understand mission and business functions, security architecture, deployment locations, and planned and projected architectural and functional changes of assigned systems.
• Conduct cybersecurity assessments, risk analyses (operational and technical) and authorization tasks across all RMF steps using approved RE5 tools and processes.
• Verify authorization boundaries and categorize systems (FIPS199).
• Identify data classifications and conduct system-level risk assessments.
• Track system changes, assess impacts, and report updates to the AO.
• Evaluate authorization and change requests, web filtering, firewall exceptions, ports/protocols, cybersecurity risks, STIG/SRG compliance, and on-site security.
• Lead assessment visits, conduct briefings, and ensure proper documentation and reporting.
• Attend required government training and meetings to stay updated on process changes.
• Maintain access and proficiency in required government databases and cybersecurity tools.
• Assess threats, vulnerabilities and cybersecurity risk for systems and compile findings into timely authorization packages to determine countermeasures and residual risk.
• Support assigned systems throughout their lifecycle in alignment with FISMA requirements.
• Submit weekly activity reports summarizing tasks, tracking IDs, and key updates.

• Bachelor's degree (IT-related field preferred) and eight (8) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
• Active DoD Top Secret clearance with SCI eligibility required
• Current DoD 8570 IAM II or IAT II certification
• Five (5) years of experience in a Certification and Accreditation/A&A role
• Demonstrated experience with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
• Advanced understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253
• Demonstratable experience in risk analysis, control validation, and as a Security Control Assessor Representative (SCA-R).
• Demonstrated experience with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
• Advanced understanding of key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications
• Customer service skills
• Ability and willingness to travel for assessments as required