Security Engineer

Description

Job Description:

Leidos is looking for a Senior IT Security Engineer to provide leadership on a mission-critical program portfolio. The individual will oversee security compliance and processes, for a portfolio of applications. The individual will ensure that critical security functions such as Authorization To Operate (ATO), control gates, and related tasks and deliverables are completed successfully and on-schedule.

Primary responsibilities:

• Demonstrating hands on experience with operating  IT security / Information Assurance solutions in the context of Federal IT Security regulations and guidance such as NIST 800-53, NIST 800-37 and FIPS 199
• Supporting the adoption and/or implementation of Federal and national security and compliance standards and/or guidance.
• Providing support to programming code reviews, determining system performance specifications, identifying and resolving interoperability problems, developing requirements, determining parameters, and resolving conflicts between disparate technologies as they arise.
• Providing potential solutions to remediate issues while allowing systems to remain operational and compliant in a mission-first environment
• Contribute to and be responsible for parts of cross-functional oversight for the development of new products and enhancements, and ensure best practices are being followed.
• Perform security and compliance analysis and activities, across products and/or teams within a portfolio, including requirements analysis
• Lead security and compliance assessments and evaluations pertaining to specific application and subsystems.
• Executing tasks, monitoring product delivery and work assignments.
• Develop and provide metrics and reporting to demonstrate application compliance.
• Perform vulnerability assessment and development and track mitigations.
• Assist portfolio management with technical direction and prioritization of the development backlog
• Ability to manage multiple high visibility security projects and adjust to quick shifts in customer priorities while meeting all mission requirements.
• Provide mentoring and training to other team members on security guidance, technologies and processes.
• Supporting development and maintenance of applicable Continuity of Operations (COOP) Plans, Business Impact Analyses (BIA), Business Continuity Plans (BCPs), and Disaster Recovery Plans (DRPs).

Basic Qualifications

• Experience leading projects.
• Experience in one or more of the following areas are required: 
  • Demonstrated experience with NIST SP 800 series or equivalent series documents development and maintenance for information security management and risk assessment
  • Demonstrated experience supporting and securing software development projects/programs to include Agile development and DevOps/SecDevOps
  • Demonstrated experience with securing cloud services (AWS or Azure)
  • Experience defining strategic governance for security management, defining quality metrics, and implementing repeatable processes
  • Experience providing project management support, systems support, process improvement recommendations and product support documentation
• Ability to obtain a Customs and Border Protection Public Trust suitability determination
• U.S. Citizenship
• Requires BS degree in IT, Computer Science, Information Systems, or a related field and at least 8+ years of prior relevant experience or Masters with 6+ years of prior relevant experience. Additional experience may be considered in lieu of degree.
• At least five (5) years’ experience managing IT security

Preferred Qualifications

• Experience with DHS, CBP, OIT, Border Enforcement, Cloud Services (AWS/Azure), Cloud Migration, DevOps/SecDevOps, Containerization, micro services, and Software Development
• Candidates with strong analytical and organizational skills with excellent written and verbal communication skills
• CASP or CSSLP
• Experience working with information security technologies (e.g., design, encryption, data protection, privilege access, identity and access management, incident management, risk management and auditing)
• Experience guiding peers, leaders, and decision makers on addressing complex security issues
• Experience with scanning and elevation tools (WebInspect, Fortify, JFrog Xray, SonarCube, Nessus etc.); and GRC tools (RSA Archer)

ITI2

Pay Range: