Vacancy caducado!
Description
Job Description:This is an opportunity to support NASA and the End User Services Office (EUSO). In this mission we manage the primary infrastructure and core services. We operate, maintain, deploy, and manage an existing Government furnished systems. The candidate will support the Assessment and Authorization, Vulnerability Management, and Security Engineering. Provide analytical and technical security recommendations to the team, oversight boards, and customer. Meet with clients and management to help specify and negotiate application and system security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications to production.What You'll Get to Do:The successful candidate will manage the overall security related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles of NASA EUSO Systems. Will develop, maintain, and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems. Will conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance; document, organize, and implement security control requirements; identify current and new risks; and prepare vulnerability test plans and coordinate the testing and result procedures. Will conduct analysis of identified vulnerabilities and work with the teams to coordinate mitigation actions. Oversee all the POA&Ms and RBD's identified for the end user services office and ensuring compliance and actions are reported. Ensuring the proper NIST Guidelines for each system component are applied; register the system in the NASA Assessment tool RISCS to support the Risk Management Framework (RMF) process. Lead a team of Cybersecurity professionals for vulnerability management and help manage projects though the lifecycle.Support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on production and development networks.Provide professional security services for IA/Cybersecurity in accordance with US Government (USG) and NIST policies and guidelines.Provide the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.Assist with drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Plan of Action and Milestones (POA&M), and Federal Information Security Management Act (FISMA).Management of Plan of Action and Milestones (POA&Ms) to completion through the vulnerability management lifecycle, while working with operations on solidifying a plan to mitigate according to NIST guidelines.System and applications vulnerability assessment with tools such as Nessus, BigFix, SCCM, Jamf, Satellite, and the RISCS tools.Providing configuration management for security-relevant information system software.Contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations.Analyzes and documents results of security compliance & vulnerability scanning in order to identify vulnerabilities and coordinate associated remediation effortsCreates Security Test Plans in accordance with NIST 800-53 rev 4 standardsCommunicating with and working closely with System Engineering and operations teams to ensure that the hardware and software implementation meets the security requirements for processing classified information.Analyzing and assessing system implementation against multiple security compliance policies and evaluating the impact of new development.Developing technical solutions for security-related vulnerabilities using solid security standards and best practices.Evaluating, reviewing, and/or testing security-critical software.Auditing and assessing system security policies and configuration settings.You'll Bring These Qualifications:A BA/BS degree and 4-8 years of prior relevant experienceMust have a minimum of three (3) experience working in an IT environment similar in size (or larger) and scope to this task order.Must have a minimum of three (3) working knowledge of large, complex IT environments.Experience meeting with clients and management to specify and negotiate application security requirement, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of application to production.Experienced in providing risk analysis for vulnerabilities, incidents and change request.Experienced in being an active member in technical workgroups to recommend effective security configurations and architecture.Experienced in developing documentation to support ongoing security systems operations, maintenance and specific problem resolution.Ability for oral and written communications with the highest level of management.Ability for oral and written communications with the highest level of management.These Qualifications Would be Nice to Have:5+ years of experience in IA/Cybersecurity.Security certificates such as CISSP, CISM, GSLC, or CASP.Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development.Experience complying with USG and NIST regulations and preparing for responding to information security audits and questionnaires.Understanding of related information technology (e.g. firewalls, VPN, virtualization, DLP, etc) and physical security assets.Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.Experience with UNIX/LINUX OS and any scripting language.Experience working with IDS/IPS and processes.External Referral Bonus:EligiblePotential for Telework:Yes, 50%Clearance Level Required:Public TrustTravel:Yes, 25% of the timeScheduled Weekly Hours:40Shift:DayRequisition Category:ProfessionalJob Family:Information AssurancePay Range:Leidos is a Fortune 500 ® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 38,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $11.09 billion for the fiscal year ended January 3, 2020. For more information, visit www.Leidos.com.Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.Vacancy caducado!