Leidos has an opening for a Project Engineer to support the NRC's Global Infrastructure and Development Acquisition (GLINDA) program.

Provides security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec) Engineering. Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security designs; implements security designs in hardware, software, data, and procedures; verifies security requirements; performs system certification and accreditation planning and testing and liaison activities, and supports secure systems operations and maintenance. For security professionals providing systems security analysis, use Computer Systems Security Analysis. For information security professionals providing security risk and analysis, use Info Systems Security Risk and Analysis.

Leidos is seeking an IT Security Engineer to support the NRC. The candidate will be involved in a broad range of tasks and issues supporting current day-to-day production operation as well as evaluation and assessment of new capabilities. The candidate will respond to Certification and Accreditation tasks, audit tasks and other system security tests. The candidate may act as the interface between auditors and system subject matter experts. This will require the candidate to understand the target systems to appropriately decompose inquiries to actionable items for SMEs, and then validate the SME responses.

The candidate will be involved in assessment of IT systems and components with enterprise class security standards and practices and identifying appropriate design and mitigation actions. This may involve using enterprise security tools (e.g. SPLUNK, BigFix, Nessus) or responding to reports from those tools. Activities may involve responding to real time production system issues/events or analysis of new or enhancement capabilities. This will require applying a broad system security engineering view to evaluate security needs against operational mission needs.

Clear verbal and written communication skills are essential. This position also requires good project planning skills to identify how to meet schedules, identify dependencies, and identify risks and workarounds.
This position is not eligible for telework.
The position will be based at the NRC HQ in Rockville, MD.
This position requires successful completion of an NRC Public Trust security investigation.
* Experience with supporting assessment of IT systems compliance with Federal IT Security standards (NIST 800-53, FISMA, others)
* Experience responding to security audits and compliance assessments including decomposing auditor requests to actionable items, compiling and presenting security audit artifacts
* Experience evaluating IT system compliance with government and commercial security practices (e.g. DISA STIGs, SANS Top 25)
* Working knowledge of Federal Certification and Accreditation practices
* Familiarity with security test tools and responding to security findings
* General knowledge of enterprise scale IT systems, architectures and components (networking, security appliances, servers, and virtualization) particularly the system integration challenges balancing secure operations with operational need
* Solid communication and documentation skills
* IT background
* Customer Relationship experience
* Project Leadership
* Project Management Experience
* ITIL Program Experience Foundation or better
* Experience with security test tools (e.g. Nessus, Web Inspect), enterprise configuration management tools (e.g. SPLUNK, Big Fix, SCCM, SPDR), enterprise security services (e.g. IDS, log aggregation, credential management, PKI)
* Experience with Windows administration including Active Directory
* Experience with Linux and/or Unix administration
* Familiarity with cloud computing and applicable security practices (e.g. FedRAMP)
* Experience with ATF or DOJ
* Ability to recognize security risks, document risk, and clearly communicate findings and recommendations.
* Experience supporting Incident Response events
* Experience supporting review and certification of Physical Security elements of a facility
* Strong Written and Verbal Communication Skills.
* Cisco Certified Network Professional (CCNP): Security
Typical Education: Bachelor's degree in a related discipline, or equivalent experience/combined education, with 9 years of professional experience; or 7 years of professional experience with a related Master's degree.
Leidos is a global science and technology solutions leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. The company's diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos is an Equal Opportunity Employer.