Information Assurance Engineer

The Digital Modernization Sector has a career opportunity for an Information Assurance Engineer supporting the Global Solutions Management – Operations II (GSM-O II) contract at DISA. This contract includes the Operations, Sustainment, Maintenance, Repair, and Defense of the Defense Information System Network (DISN) within the DOD Information Network (DODIN) in support of the Defense Information Systems Agency (DISA).  It also includes support to other key tasks for DISA, including the transformation of DISA’s operational mission through innovation, and support to DISA’s mission partners.

Candidate must be able to spend the majority of their time at the customer site at Fort Meade, MD, although light telework is allowed. Minimum Secret clearance and Security+ are required upon start.

Primary Responsibilities

• Serve as the System Information System Security Officer (ISSO) for various customer systems as an IA Subject Matter Expert (SME) ensuring IA is built into systems deployed to operational environments.

• Develops Project Management Plan to attain and maintain ATOs.

• Perform ISSO responsibilities, including acting as a point of contact and subject matter expert for all cybersecurity related aspects to the assigned information systems, ensuring systems are maintained per security policies and procedures and maintaining compliance and ongoing reporting to management.

• Collaborate with program information assurance staff, program management, and local engineers to ensure an appropriate security posture and Authorization to Operate (ATO) accreditation conditions and requirements are maintained.

• Provide security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity), and advise the Information System Security Manager (ISSM) of the security relevance.

• Candidate will conduct regular briefings with the customer on cybersecurity status, including preparing briefing materials.

• Initiate the authorization or re-authorization efforts and process for new or expiring systems and coordinate, schedule, and attend required meetings.

• Conduct ongoing security reviews and tests of systems to verify security features and controls are functional and effective. Take corrective action to resolve identified vulnerabilities and ensure systems are operated, maintained, and disposed of in accordance with established policies and procedures.

• Assist with the implementation of security procedures, and verify information system security requirements, including coordinating the execution, review, and disposition of STIG checklists for systems, applications, developed code and other components.

• Review ACAS and container scans for each system and work with infrastructure leads to bring findings into remediation.

• Determine applicability of Information Assurance Vulnerability Alerts to assets.

• Performs and/or reviews technical security assessments of computing environments to identify points of vulnerability, non- compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.

• Develop and maintain assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems, gather signatures, and submit to Enterprise Mission Assurance Support Service (eMASS).

• The individual must satisfy both preparatory and sustaining DoD standard training and certification requirements as a condition of privileged access to any DoD information systems.

Basic Qualifications

• Requires a US Citizenship and Secret Clearance.

• Bachelor’s Degree with 12+ years of relevant experience or master’s with 10+ years of prior relevant experience. Additional years of work experience in lieu of degree is acceptable.

• Hold and active security certification that meets DOD 8570 IAT level II or higher, such as Security+

• The qualified candidate shall have excellent customer service skills and the ability to work independently, prioritize, schedule, and complete multiple tasks.

• Ability to multi-task and self-assign work in a fast-paced environment.

• Strong communication skills that enable proactive and effective collaboration with a virtual team, including the ability to clearly articulate status and present to both customers and program leadership. Candidate shall have the ability to develop and present management level briefings.

• Demonstrate potential and willingness to learn and adapt to rapid changes in technology.

Preferred Qualifications

• Vulnerability assessment and analysis experience utilizing ACAS/NESSUS and DISA STIGs

• Experience with DoD implementation of the Risk Management Framework (RMF) and governing directives (NIST, CNSS, DSS, etc.)

• NIST RMF Assessment and Authorization (A&A) experience.

• Experience with operating IT security tools, such as ACAS, HBSS, DISA STIGs

• Prior experience working Cybersecurity in accordance with US Government (USG), Department of Defense (DOD)

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.