Senior High-Value Asset (HVA) Assessor

Description

Job Description

The mission of the DHS Chief Information Security Officer Directorate (DHS CISOD) is to support the Department's implementation of all applicable regulatory requirements-including the Federal Information Security Modernization Act (FISMA), relevant OMB circulars, Executive Orders, Federal laws, directives, policies, and regulations-while providing the Department of Homeland Security (DHS) a secure and trusted computing environment. Information security is an essential business function, critical to enabling DHS to conduct its operations and deliver service to the public.

Leidos is seeking an experienced Senior High-Value Asset (HVA) Assessor to join our team on a highly visible and strategic Cybersecurity Assessments contract. The assessor will lead and execute comprehensive HVA assessments in strict alignment with CISA Assessment Evaluation and Standardization (AES) guidelines and the DHS HVA Program Management Office (PMO).

Primary Responsibilities

• Lead end-to-end execution of Non-Tier 1 HVA assessments-including planning, onsite/remote execution, and close-out-ensuring compliance with CISA AES methodology.
• Serve as Assessment Lead or Technical Lead; coordinate assessment teams (operators, SMEs) and assign roles to meet project objectives and deadlines.
• Maintain personal AES-HVA Assessor certification by passing the required multiple-choice examination and report-writing evaluation, and by participating in at least one assessment per year; ensure team members do the same.
• Develop and deliver detailed assessment reports within 30 days of out-brief, clearly articulating findings, risk impacts, and prioritized recommendations.
• Create, refine, and publish Standard Operating Procedures (SOPs), best practices, templates, and training materials; maintain these in corporate and DHS knowledge repositories.
• Produce and update an enterprise-wide HVA assessment schedule; track staff qualifications and monthly assessment metrics for reporting to the DHS HVA PMO.
• Coordinate with stakeholders to gather pre-assessment artifacts, provide advance preparation guidance, and manage logistics for assessment engagements.
• Manage an electronic repository on the DHS network for all HVA artifacts, ensuring secure storage, version control, and ease of retrieval.
• Mentor and train newly onboarded assessors on AES methodology, CISA tools, and DHS operating environments.
• Support continuous improvement by recommending updates to HVA evaluation methods, categorization processes, and tool configurations.

• Education / Experience
  
  
  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field and 8+ years of hands-on information-security or cybersecurity-assessment experience OR
  • Master's degree in a related field and 6+ years of relevant experience.
• Active AES-HVA certification (or ability to obtain within 90 days) and demonstrated success in both the multiple-choice and report-writing components.
• Experience leading or co-leading HVA, security control assessments, or similar security assessments in large Federal or enterprise environments.
• Deep knowledge of NIST SP 800-53, SP 800-60, CSF, and other Federal cybersecurity guidance; familiarity with FISMA reporting requirements.
• Strong analytical skills for identifying vulnerabilities, correlating technical data, and prioritizing remediation actions.
• Proven ability to write clear, technically sound reports and deliver executive-level briefings.
• Ability to obtain and maintain a DHS Suitability/Public Trust Clearance/EOD

• Prior DHS or other Federal agency cybersecurity-assessment experience.
• Industry certifications such as CISSP, CISM, CISA, GIAC (GXPN/GWAPT/GSEC), or CompTIA Security+.
• Working knowledge of common enterprise operating systems (Windows, Linux, z/OS), networking protocols, and security-monitoring tools (e.g., Splunk, Nessus, Qualys).
• Experience developing SOPs, training curricula, or knowledge-management repositories for cybersecurity programs.
• Demonstrated success managing geographically dispersed assessment teams and multiple concurrent engagements.