Cyber Security Engineer, Senior

Leidos is seeking a Cyber Security Engineer, Senior, contingent upon contract award. Position is expected to be in the DC Metro area and is in support of a Department of Veterans Affairs (VA) Task Order.

Position may require travel of 50% or more; a part-time remote/telecommuting option may be possible.

Candidate must pass a National Agency Check (NAC) covering the past 5 years to obtain a VA Medium/BI Public Trust clearance, as well as be able to obtain or currently possess a DoD Secret clearance.

Requires U.S. Citizenship.

The chosen candidate will be part of a team developing and supporting NIST and DoD Assessment and Authorization (A&A) processes, principally evaluating and adapting existing DoD Risk Management Framework documentation created for the DoD Electronic Health Records system for acceptance by the Department of Veterans Affairs. System configurations and documentation should conform to VA organizational objectives. The candidate should be able to evaluate cybersecurity and privacy risk for a VA instance of the current system, evaluate cybersecurity and privacy risk for information technology systems, and prepare technical reports. The candidate will be familiar with federal vulnerability assessment tools and techniques. The candidate must have experience assembling authorization packages to obtain an Authorization to Operate (ATO) for a government system. Candidates should be familiar with DoD and/or VA civil processes to obtain ATOs.

The Cyber Security Engineer, Senior, will work with a diverse team to define and document a VA Assessment and Authorization (A&A) package to support a VA ATO. The engineer will work with teammates and senior personnel to analyze all aspects of information security, address outstanding findings, interpret vulnerability scan results, identify mitigations for vulnerabilities identified during assessment activities, and update documentation to reflect changes and improvements to the system. The individual will also be responsible for analyzing and executing activities to adapt existing DoD A&A documentation to VA-specific A&A packages.

• Develop, implement, test and review hardware/software information security requirements (IAW DoD/NIST RMF) to protect information and prevent unauthorized access. Implement security measures, explain potential threats, and monitor applications in order to meet or exceed all DoD/NIST RMF requirements. Participate in system security engineering from establishing stakeholder security requirements, design, implementation, and validation through sustainment. Execute and coordinate test plans, remediation and mitigation strategies. Help manage incident management, cybersecurity vulnerability assessment, continuous monitoring, configuration management, change management, risk assessments, system impact assessments, and identity and access management (IAM).
• Provide security assessment and authorization expertise and guidance to the VA systems security team, especially approaches for acceptance of DoD authorization package system security plans through the VA Assessment and Authorization (A&A) Standard Operating Procedure (SOP) and VA regulations, including VA Handbook 6500 Authorization to Operate under Reciprocity (ATOR) and Authority to Connect (ATC) certifications. Review existing system-specific Security Assessment Plans (SAP), Risk Assessment Reports (RAR), Plans of Action and Milestones (POA&M), System Security Plans (SSP), Application Security and Development Checklists, and other artifacts supporting DoD and VA software and system assessment and authorization. Work with both VA and DoD authorities to either convert DoD eMASS artifacts, reports and processes to the VA Governance, Risk and Compliance (GRC) tool, RiskVision, or alternatively support VA adoption of eMASS for the VA Electronic Health Records system.
• Harden operating systems, applications, and network infrastructure using Department of Defense Security Requirements Guides (SRGs), Security Technical Implementation Guides (STIGs), Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations, and Information Assurance Vulnerability Alerts (IAVA). May use or manage automated security assessment tools as well as manual checklists to validate compliance with regulatory frameworks or mandates such as FISMA, HIPAA, the Privacy Act, the E-Government Act, PCI-DSS, etc. Be familiar with vulnerability scans for applications using tools such as HP Fortify, working with software engineers to analyze the report, and with vulnerability scans for operating systems and network infrastructure using Nessus and/or ACAS.
• Work with self-signed certificates, DoD PKI and VA PIV.
• Conduct Privacy Threshold Analyses and Privacy Impact Assessments.


• Master's Degree and 10+ years of overall experience in cybersecurity and privacy risk management with Federal Information Technology systems and security requirements. 10 years of additional relevant experience may be substituted for education.
• Understanding of DoD 8510, NIST SP 800-53, NIST SP 800-37, the Risk Management Framework, and CNSSI 1253.
• The individual must have significant experience with cybersecurity best practices. Experience reviewing and writing policies and security plans utilizing the NIST 800-series framework. Prior VA experience with cybersecurity policy is a big plus.
• Meet DoD 8570.01-M and IT Level II.
• Ability to obtain VA Moderate BI or DoD Secret or higher clearance.

• Specialized experience working with Government classified or sensitive systems.
• Meet DoD 8570.01-M and IT Level II or III.
• Experience with the Enterprise Mission Assurance Support Service (eMASS) or RiskVision.
• Background or certifications in healthcare IT or privacy risk management.

