Sr. ISSE-Information System Security Engineer with active TS/SCI Poly
Company: Leidos
Location: Baltimore
Posted on: November 6, 2024
Job Description:
Description Leidos is looking for a Senior Security Engineer to
join a high performing agile team using the Scaled Agile Framework
(SAFe) methodology to support a fast-paced, complex program.
Program execution follows DEVOPS best practices and employs robust
development, test and production environments. Our team of security
engineers support enhancements to system security architecture and
cyber security capabilities; manage multiple system security plans
for development, test and production systems following the Risk
Management Framework (RMF); manage cross domain capabilities; and
support Security Verification Testing (SVT) of relevant Type 1
devices. The contract provides system engineering, development,
test, integration and operational support, and is focused on
injecting new technology and adding advanced capabilities while
continuing to support an on-going operational system.Job Summary:A
Senior Security Engineer is needed to provide support for adding
new capabilities to a complex system with exacting interface,
performance and security requirements. The selected individual will
become part of a team of Security Engineers working on solving
challenging issues on a large, significant program. The position
requires a solid understanding of security practices and policies
as well as hands-on vulnerability testing experience. The selected
individual will collaborate with other engineers and technical
experts in providing improvements to our operational, test,
integration, and development systems.Primary Responsibilities:
- Validating and verifying system security requirements and
establishing system security designs for large-scale systems, major
system elements, and interfacing systems that are part of a large
complex network environment with geographically distributed
components.
- Identifying and implementing appropriate information security
architectures and functionality to ensure uniform application of
security policy and enterprise solutions.
- Recommending and developing technical solutions, products, and
standards based on current and desired system security
architecture.
- Assessing and mitigating system security threats and risks
throughout the program life cycle.
- Leading and/or contributing to the security planning,
assessment, risk analysis, risk management, certification and
awareness activities for various system and networking
operations.
- Effectively collaborating with other internal technical experts
on a day-to-day basis.
- Communicating with Program Managers and POCs from customer
organizations when necessary, regarding Security issues of
significant importance.
- Participating in Program Increment Planning and related agile
team activities.
- Working closely with System Engineering, Test Engineering, and
Integration teams to ensure that the hardware and software
architecture and implementation meets security requirements.
- Analyzing and assessing system implementation against multiple
security compliance policies and recommending and implementing
enhancements.
- Evaluating security solutions to ensure they meet customer
specified requirements for processing information.
- Evaluating the impact of new development on the operational
security posture of the system.
- Evaluating, reviewing, and testing critical software.
- Proposing, assessing, coordinating, implementing, and enforcing
information systems security policies, standards, and
methodologies.
- Auditing and assessing system security configuration settings
using common methodologies and tools.
- Managing and enforcing security strategies and policies that
effect various components of geographically distributed
systems.
- Providing configuration management for security-relevant
information system software.
- Serving as a subject matter expert in security architecture to
include providing advice to Program Managers, Customer technical
experts, and internal program teams.
- Formulating security compliance requirements for new system
features.
- Identifying and remediating security issues throughout the
system.
- Supporting risk assessment, risk management, security control
assessment, continuous monitoring, service design, and other IA
program support functions.
- Working with development teams to enrich team-wide
understanding of different types of vulnerabilities, attack vectors
and remediation approaches.
- Planning and conducting security verification testing of
relevant type 1 devices.Security Clearance Requirement:
- All candidates must possess an active TS/SCI with polygraph
security clearance to be considered for this role.Basic
Qualifications:
- Bachelor's degree in computer science, Information Assurance,
Information Security System Engineering, or a related discipline
and a minimum of eight (8) years of relevant experience. Additional
experience may be substituted for a degree.
- Must have a solid understanding of security practices and
policies and hands-on vulnerability testing experience.
- Must have experience applying Risk Management Framework.
- Must have experience formulating and assessing IT security
policy.
- Must have demonstrated knowledge of and experience with common
security tools, such as Nessus, NMAP and Wireshark
hardware/software security implementation, communication protocol,
encryption techniques/tools, and web services.
- Must have experience with secure configurations of commonly
used desktop and server operating systems.
- Must be comfortable working on multiple systems and components
simultaneously in various configurations.
- Must have strong verbal and written communications skills.
- Must be committed to adopting and adhering to best
practices.
- Must be able to effectively plan and prioritize tasking and
communicate clearly regarding technical options and
trade-offs.
- Must be capable of performing high quality work both
independently and with a team in a fast-moving
environment.Preferred Qualifications:
- Five (5) years of experience with Defense in Depth
Principles/technology (including access control, authorization,
identification and authentication, public key infrastructure,
network and enterprise security architecture) and applying risk
assessment methodology to system development.
- DoD 8570 compliance with IASAE Level 2 or 3.
- Information Systems Security Engineering Professional (ISSEP)
Certification.
- Computer Information Systems Security Professional (CISSP)
Certification.
- Experience developing/implementing integrated security services
management processes, such as assessing and auditing network
penetration testing, anti-virus planning assistance, risk analysis,
and incident response.
- Experience providing information assurance support for
application development that includes system security
certifications and project evaluations for firewalls that encompass
the development, design, and implementation.
- Experience with penetration testing tools.
- Experience with scripting languages.
#J-18808-Ljbffr
Keywords: Leidos, Lancaster , Sr. ISSE-Information System Security Engineer with active TS/SCI Poly, IT / Software / Systems , Baltimore, Pennsylvania
Didn't find what you're looking for? Search again!
Loading more jobs...