Information System Security Engineer (ISSE)

Leidos is seeking an Information System Security Engineer (ISSE) to collaborate with the Information System Security Manager (ISSM) serving as a subject matter expert in advanced technical principles, theories, and concepts in Security Engineering, including operations, engineering, technical and program management support services, and RMF/ATO compliance to support cyber-related operations.

Duties will include:

• Under the direction and guidance of the ISSM, capture and refine information security requirements and ensure their integration into information technology components and information systems through purposeful security design and configuration.
• Perform vulnerability assessments to determine weaknesses and exploit methods in systems/networks utilizing approved COTS and GOTS tools, in conjunction with security testing methodologies and frameworks to assess threats against information and system/networks and recommend appropriate countermeasures for continued mission assurance.
• Perform cybersecurity analysis, identification, and remediation of complex cybersecurity compliance requirements on IT systems and applications to include: Microsoft Windows and RHEL family of servers, workstations operating systems. RDBMS such as SQL and PostgreSQL, XML, and JSON-based semi-structured technologies. Web-Server and web application technologies (e.g., MS IIS, Apache/Tomcat, SharePoint). Virtualization technologies such as VMware and VDI infrastructures. Network infrastructure components such as switches, firewalls, vSANs, and thin client hardware.
• Provide remediation recommendations and mitigating strategies for vulnerabilities discovered and maintain in-depth knowledge of STIG/SRGs, technologies such as Tenable Nessus, SCAP compliance tools like EvaluateSTIG and other automated tools that assist with the assessment of security controls and the presentation of security assessment results.
• In coordination with change management processes, remediate, apply, and/or mitigate vulnerabilities to systems and system components through the application of security updates, patches, fixes, and/or secure configurations.
• Support the creation, development, and documentation of cybersecurity processes and procedures supporting Authorization to Operate (ATO) packages and, as needed, to mature the program's cybersecurity posture.
• Experience with eMASS to manage ATO package
• Prepare and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports, and Plans of Action and Milestones (POA&Ms).
• Install, configure and manage Trellix products.
• Create, tune, and enforce security policies through the ePO console to meet company security standards and compliance requirements.
• Troubleshoot Splunk issues between server and forwarder, create custom dashboards and implement best practices.
• Administer, configure, and maintain the Tenable Security Center.
• Review ACAS results and remediate appropriately.

Basic Qualifications:

• with at least an active DoD Secret clearance and the ability to maintain that clearance during your employment.
• Bachelor's degree in a related field and 8+ years of experience or a masters degree and 6+ years of experience. Additional experience may be considered in lieu of a degree.
• Compliant with DoD 8140 requirements.
• DoD Risk Management Framework (RMF), especially in supporting Step 6.
• System/software design, enterprise architecture security, integration, testing, system administration, application administration, training, deployment, and O&M.
• Design, develop, and use host-based and network-based scanning tools.
• Security Content Automated Protocol (SCAP) based tools and specifications.
• Install, configure, test, deploy, and O&M of Enterprise-wide network-based cybersecurity tools (e.g., Trellix ESS, ACAS, Splunk, etc.) to support compliance testing and continuous monitoring.
• Supporting security engineering practices in the System/Software Development Life Cycle (SDLC) Process; General knowledge of the DoD and secure Information/LAN/WAN technologies.
• Hardening modern operating systems (OS) (i.e., RHEL, Microsoft Windows) and applications using Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and/or industry best practices and documenting results on requisite checklists.
• Compiling and providing metrics to program management as needed.
• Presenting technical information to non-technical stakeholders.

Preferred Qualifications:

Experience in the following:

• Working experience with programming or scripting languages.
• Working experience with Trellix.
• Experience working in a DoD environment with the ability to adapt and rapidly meet changing deadlines and obligations.
• Leading or mentoring junior members of a team.
• Project Management experience in an agile scrum environment.
• CASP+/SecurityX or CISSP certification

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

Original Posting:
December 15, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:
Pay Range $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.