Security Engineer

The Digital Modernization Sector at Leidos currently has an opening for a Security Engineer to work in our Lorton, VA office. This is an exciting opportunity to use your experience helping the Homeland Enterprise Information Technology Secure Services & Support (HEITS) Program contracted mission.In this mission we support the Department of Homeland Security to deliver cybersecurity and information assurance services.

Primary Responsibilities

The Security Engineer - Linux / Tenable Compliance is responsible for securing and hardening enterprise Linux servers, managing Tenable vulnerability scanning platforms, and driving compliance across on-prem and cloud environments. This role sits at the intersection of operations and governance: building and maintaining secure baselines, tuning Tenable scans, interpreting results, and partnering with engineering teams to remediate findings in line with organizational policies and regulatory requirements.

The ideal candidate has strong hands-on Linux (RHEL/Ubuntu) experience, deep familiarity with Tenable.sc / Nessus, and a proven track record of supporting compliance frameworks (e.g., NIST, DISA STIGs, CIS benchmarks).Implement and maintain secure network architectures (e.g., segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.

• Administer and harden Linux servers (e.g., RHEL, Rocky, Ubuntu) including OS configuration, patching, and security baseline enforcement.
• Install, configure, and maintain Tenable platforms (Tenable.sc, Nessus, Nessus Agents, connectors) to support continuous vulnerability scanning.
• Develop and maintain scanning policies, schedules, and dashboards to provide accurate visibility into security posture.
• Analyze Tenable scan results; validate true positives vs false positives and work with system and application owners to drive timely remediation.
• Map vulnerabilities and configuration findings to relevant compliance requirements (e.g., NIST 800-53, DISA STIGs, CIS benchmarks, organizational policies).
• Support the creation and maintenance of secure configuration baselines and hardening guides for Linux servers and related middleware.
• Generate compliance and vulnerability reports for leadership, auditors, and governance teams; track remediation progress and aging.
• Collaborate with infrastructure, DevOps, and application teams to integrate security and compliance into change management, patch cycles, and deployment pipelines.
• Participate in security incident response activities related to Linux hosts, including log review, containment, and forensic support.
• Contribute to SOPs, playbooks, and runbooks for vulnerability management, patching, and compliance monitoring.
• Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.

Basic Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field and 8+ years experience; or additional equivalent experience may be considered in lieu of a degree.
• 5-8+ years of hands-on experience administering and securing Linux systems in an enterprise environment.
• Active TS/CI government security clearance
• Direct experience with Tenable.sc and/or Nessus for vulnerability management (configuration, policy creation, agent management, reporting).
• Solid understanding of vulnerability management lifecycle: discovery, assessment, prioritization, remediation, and verification.
• Experience implementing or supporting security/compliance frameworks such as NIST 800-53, DISA STIGs, CIS benchmarks, or similar.
• Strong skills in Linux CLI, shell scripting, and basic automation (e.g., Bash, Python, Ansible) to support configuration and remediation.
• Familiarity with log management and SIEM solutions and how they integrate with Linux hosts.
• Ability to interpret technical vulnerabilities (CVEs, CVSS) and clearly communicate risk and remediation options to technical and non-technical stakeholders.
• Excellent documentation skills, including the ability to produce clear procedures, diagrams, and reports.

Preferred Qualifications

• Experience with configuration management tools (e.g., Ansible, Puppet, Chef, Salt) to enforce secure baselines at scale.
• Experience working in regulated or audit-heavy environments (e.g., FISMA, FedRAMP, PCI-DSS, HIPAA, SOX).
• Familiarity with Windows server hardening and cross-platform vulnerability management.
• Experience integrating Tenable with ticketing/ITSM tools for automated ticket creation and tracking.
• Certifications such as Linux+, RHCSA/RHCE, Security+, CySA+, Tenable-certified, CISSP, or similar.
• Experience in federal / DoD / IC / state & local government, or other large enterprise environments.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

Original Posting:
December 10, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:
Pay Range $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.