SW Accelerator Security Lead Engineer

  • Leidos,
  • Reston, VA
  • 10 hours ago
company banner
Leidos
Security, Engineer, Software, Analysis, CIO, Risk Management, Computer, Engineering, Systems, Network, CISSP, CCNA, Foundation, IT, ISO
Full Time

Job Description

Description

Job Description:

Leidos Corporate Office of Technology has an immediate opening for a Security Lead Engineer to join our Software Accelerator team.

In this role, you will lead efforts for Leidos to overachieve on software security. Cyber security in software is an increasingly important component of delivering software to Leidos' highly regulated customers. This position will lead the technology development and application (internal and external technology) and best practices defining the Leidos way for security. This role will focus on providing compliance and differentiation for software teams inside Leidos. You will support development and application of secure CI/CD pipelines, secure coding practices, training, runtime software security and other aspects to ensure Leidos is an industry leader in delivering secure, rapid software.

You will lead capability discovery, which could take the form of an Analysis of Alternatives (AoA) to ensure the selected vendor can satisfy the need within the high level design.

Primary Responsibilities
Provide subject matter expertise in the development and maintenance of security tools and processes for Agile programs using modern CI/CD pipelines (e.g. pSDO)
Advise application development teams (e.g. LEAF) on best practices and designs for securing and monitoring software in production
Provide subject matter expertise in developing and maintaining standard secure coding processes for use across Leidos
Provide subject matter expertise in implementing industry standards in Leidos software programs (e.g. Biden Administration's executive order on cyber security)
Provide subject matter expertise in internal teams to ensure software development teams are both secure and delivering at a rapid pace, including being a liaison on behalf of the software community with CIO/CISO.
Provides subject matter expertise in the development of cyber operations specific indicators measuring success and attainment of team goals and objectives and enterprise information security architecture as applied to the organization's overall security strategy.
Advise programs on overall risk levels and security posture; Serves as an internal consultant and advisor in own area(s) of expertise (e.g., technology, tools, standards, best practices, processes, etc.).
Develops short-term and strategic training events for the assigned team.
Manage and enforce security policies, training and educating end-users on proper security practices, conducting security and risk assessments using security frameworks (e.g., NIST, RMF, Common Criteria, etc.)
Participate in enterprise projects, advocate security, architecture and engineering best practices.
Participate in vulnerability assessments and schedule, perform scanning and documentation of results.
Mitigate risk via security controls, testing and evaluation to certify and accredit commercial security products, ensure privacy of data throughout its lifecycle, vulnerability management (scanning, assessment, reporting, and mitigation verification), business continuity and disaster recovery.
Demonstrate understanding of information systems security, including network, application, database, physical, web vulnerabilities and common security design flaws.
Demonstrates ability to speak well in front of an audience and be able to present security briefs to high ranking personnel and be able to give presentations to personnel in a clear, concise but comprehensive manner.
Possess an understanding of government regulatory and compliance requirements and, Risk Management Framework processes.

Basic Qualifications
Bachelors Degree in Computer/Engineering Science, Information Systems, Cybersecurity, or related field preferred and 12+ years of work experience in Cybersecurity engineering. 2+ years of leadership experience managing Cybersecurity engineering teams
US citizenship is required and able to obtain security clearance.
Ability to effectively convey information security and risk-related concepts via written and verbal communication to both technical and non-technical audiences.
Must have strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in a fast-paced environment.
Experience with developing/integrating cybersecurity designs for systems and networks
Experience or knowledge of implementing Zero Trust architecture principles
Experience with documenting and addressing organizational information security, cybersecurity architecture, and systems security engineering requirements
Experience with documenting the protection needs (i.e. security controls) for information system(s) and network(s)
Ability to perform security reviews, identify gaps in security architecture, and develop a security risk management plan
Ability to develop a system security context, a preliminary system security CONOPS, and define baseline system security requirements in accordance with applicable cybersecurity requirements
Experience with vulnerability scanning tools to include those supporting operation system, web application, database assessments,
Skill in translating operational requirements into protection needs (i.e. security controls)
Knowledge and work experience with architecting, engineering, deploying, and tuning of Network Intrusion Detection Systems (NIDS)
Experience with Cyber Threat Intelligence (CTI) technologies
Cybersecurity Certifications: At least one of the following: CISSP, CCSP, CCNA,CISSP-ISSAP,CISSP-ISSEP, GIAC, SSCP, Security+ (or equivalent as approved by the Government)
Experience with documenting and addressing organizational information security, cybersecurity architecture, and systems security engineering requirements

Preferred Qualifications
Demonstrated expertise in Cloud and off-premises security best practices.
Experience integrating security controls to cloud environments to provide a holistic enterprise security view
Experience working with Department of Defense DFARS, US Federal FAR/ITAR and CMMC regulatory requirements
Ability to execute technology and/or tool automation processes.
Ability to optimize systems and/or tools to meet enterprise performance requirements.
Experience with integrating solutions in a multi-vendor environment
Knowledge of enterprise logging, with a focus on security event logging
Experience with enterprise-scale operations and maintenance environments
Experience with programming
Experience with various security tools
Ability to multitask and solve complex technical problems
Experience working in a multi-server environment
ITIL v3 - Foundation
Existing DHS EOD, active Secret clearance, or active Top Secret clearance
Understanding of DevOps/Agile concepts and processes
Knowledge of performance metrics related to IT Service Operations
Detailed knowledge of key cyber and network technologies such as Netwitness, Splunk, FireEye, etc.
Knowledge of operations testing and evaluation methods as they relate to the Cyber Security area of expertise.
Experience in network and cyber security design, engineering and operations
Experience with NIST SP 800 series or ISO 27000 series documents for information security management and risk assessment

External Referral Bonus:
Ineligible

External Referral Bonus $:

Potential for Telework:
Yes, 50%

Clearance Level Required:
None

Travel:
Yes, 25% of the time

Scheduled Weekly Hours:
40

Shift:
Day

Requisition Category:
Professional

Job Family:
Software Engineering

Pay Range:


Company Information

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 31,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.17 billion for the fiscal year ended December 29, 2017. (NYSE: LDOS) All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
Dice Id : SCNCAPI2
Position Id : R-00060288
Originally Posted : 3 months ago

Similar Positions at Leidos

Technical Lead/Cyber Security SME
  • Washington, DC
  • 1 day ago
Security Team Lead
  • Bethesda, MD
  • 1 day ago
IT Security & Compliance Director
  • Reston, VA
  • 1 day ago
Cyber Security Engineering Lead
  • Washington, DC
  • 1 day ago
InfoSec Security Engineer
  • Reston, VA
  • 1 day ago