Cyber Security Analyst

Full Time
Philadelphia, PA
Areas of Interest: Software Assurance and Security Engineering, Systems Security Analysis, Test and Evaluation
report a problem
Overview


Now Seeking Problem Solvers
Join Leidos to help make our communities, our nation, and our world a better place
ob Number:
639508
Job Category:
Cyber Security
Location:
PHILADELPHIA, PA US
Schedule:
Full-time
Travel:
Yes, 25% of the time
Shift:
Day Job
Potential for Teleworking:
No
Clearance Level Must Currently Possess:
Top Secret/SCI
Clearance Level Must Be Able to Obtain:
None

















Primary Duties System Security Engineering, Test and Evaluation, and A&A Tasks: 
  • Provide independent security A&A and system-level security testing services at multiple classification levels in the operational environment for Global Command and Control System – Integrated Imagery and Intelligence systems located at laboratory facilities and on assets in assigned locations. Provide subject matter experts who are experienced in National Institute of Standards and Technology (NIST) and Department of Defense (DoD), including, but not limited to Air Force and Defense Information Systems Agency (DISA) enterprise and CSP implementation process and procedures.
  • Review the existing Xacta record and/or existing system artifacts. If no Xacta record exists, register the system in Xacta. Coordinate with application, system, and infrastructure owners, JTT Cybersecurity Lead, Air Force Security Control Assessor (SCA), and Air Force Authorizing Official (AO) points of contact to determine full scope of A&A effort.
  • Coordinate with the respective Government and contractor/CSP infrastructure A&A Leads to conduct appropriate automated vulnerability scans, perform DISA Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), checklists, spreadsheets and other required manual and automated Information Assurance Control (IAC)/Security Control (SC) Validations/Assessments; and coordinate with application, system, and infrastructure owners to remediate and/or mitigate vulnerabilities to an acceptable level of overall system risk to facilitate attainment of an Authorization to Operate (ATO).
  • Coordinate with the respective application, system, and infrastructure A&A Leads, or other assigned personnel, to obtain the required vulnerability scan reports and the completed STIG, SRG, checklists, spreadsheet, and other manual and automated IAC/SC Validation/Assessment reports.
  • Perform Test and Evaluation on the systems. The contractor shall perform security scans to include but not limited to Assured Compliance Assessment Solution (ACAS), SCAP, and Security Technical Implementation Guides (STIGs). They shall implement system security hardening guidelines on the systems and perform functional testing on the system after system security hardening is in place.
  • Develop network diagrams to show the accreditation boundary and develop all other required A&A documents as required.
  • Conduct Risk and threat analyses and compile the Risk Assessment Report (RAR) that documents the status, details regarding the affected systems, mitigation and remediation plans, timelines, resources required, responsible parties, and other amplifying information for each finding uncovered during testing.
  • Maintain the RAR as a living document and use it as a source document for validating the IACs/SCs and developing and maintaining the Plan of Action and Milestones (POA&M) for the affected application, system, or infrastructure within Xacta.
  • Prepare, review, provide feedback on, and fully validate the completeness and accuracy of all associated DIACAP and/or RMF packages pertaining to the applications, systems, and infrastructures under evaluation.
  • Accurately assess, guide the programs in minimizing risk, and fully validate the risk of all applications, systems, and infrastructures under evaluation.
  • Ensure all required artifacts are properly completed, accurately reflect the system, and are uploaded to Xacta. Utilize the RAR, Scan Results, STIG, SRG, checklist, spreadsheet, and other manual and automated IAC/SC Validation and Assessment reports to accurately reflect the Xacta status of each control as either Compliant, Non-Compliant, or Not Applicable; ensure that all IACs/SC that are inherited by the system under review are marked as such in Xacta.
  • Fill the Information Systems Security Engineer, Validator, and other roles within Xacta application as required by the SSC Pacific, Code 53825 Lead.
  • Present the application, system, infrastructure under review in formal collaboration meetings with JTT Cybersecurity Lead, the CA office, and the AO office. Document and track collaboration meeting minutes and action items distributed for concurrence, coordinate completion and tracking of collaboration meeting minutes and action items with the affected application, system, and infrastructure responsible parties, and notify and gain final concurrence of completed action items from the responsible parties from the JTT, CA, and AO offices.
  • Provide technical, security engineering and security control validation support on-site at various facilities as required by the SSC Pacific Code 53825 Lead. In support of this tasking, the contractor shall provide personnel who are experienced in using automated vulnerability scanning tools (e.g. Assured Compliance Assessment Solution (ACAS)), automated DISA STIGs, SRGs and manual STIGs, checklists, spreadsheets and other manual and automated validation and assessment tools required to satisfy the DIACAP and/or RMF Information Assurance (IA) Controls (IACs) and Security Controls (SCs) applicable to the application, system, infrastructure under review.
  • Provide A&A Project Management Support on-site in Philadelphia, PA including, but not limited to the following tasks:
    • Track Cybersecurity entry/exit criteria for systems
    • Transition site Cybersecurity planning to include ODAA negotiation
    • Manage GCCS-I3 packages in Xacta
    • Provide Quality Control (QC) for A&A packages
    • Track Transition systems A&A status
    • Set/track priorities for A&A packages
    • Develop A&A packages
    • Participate in Collaboration Meetings
    • Participate in design and readiness reviews
    • Respond to Transition Cybersecurity data calls
    • Set priorities for A&A packages with system owners
    • Identify and manage Transition systems Cybersecurity risks
    • Document Cybersecurity inputs to transition Integrated Master Schedule (IMS) to incorporate system path for accreditation and A&A milestones
    • Perform security testing and functional testing
    • Create test reports based on this testing

Qualifications:
BASIC QUALIFICATIONS
This position requires several trips to Langley, VA and Las Vegas, NV
  • Active TS/SCI.  
  • Bachelor’s degree from an accredited institution and a minimum of 8 years of direct experience or an additional 4 years of direct relevant technical experience may be substituted for advanced education.
  • The candidate must be able to use Joint Targeting Toolbox (JTT) System Security Engineering and Test and Evaluation to support Lifecycle and Engineering Services in support of Space and Naval Warfare Systems Center Pacific (SSC Pacific), Integrated Command, Control and Intelligence Engineering (IC2IE) Division, in Philadelphia, PA.
  • The candidate must be DoD 8570.01-M certified and experienced in generating, reviewing and/or validating DIACAP/RMF A&A packages and performing security engineering tasks for classified and unclassified/sensitive U.S. Government systems and applications (including but not limited to JTT Capability Package (CP) Phase 0 and other I3 capability at 363rd ISRW, Langley AFB, VA and CAOC-N, Nellis AFB, NV).  Requires ability to get an Xacta account.
  • Certified in accordance with IAT Level II in the following:
    • Microsoft Windows 7
    • Microsoft Windows 10
    • Server 2008, Server 2008 R2, Server 2012, Server 2012 R2 Active Directory
    • Red Hat Enterprise Linux (RHEL)
    • VMWare Certification VCP5 and/or VCP6 Operating systems
  • Experience with the following systems is required:
    • SPAWAR Systems Center Atlantic Security Content Automation Protocol (SCAP)
    • Compliance Checker (SCC)
    • Tenable Assured Compliance Assessment Solution (ACAS)
    • Network Mapper (NMap)
    • Internet Scanner Software (ISS)
    • Nessus, GFI LANguard Network Security Scanner
    • Yellow Jacket
‚Äč
Leidos Overview:
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos is an Equal Opportunity Employer.

 



Share this job:

Leidos

Leidos is a science and technology solutions leader working to address some of the world’s toughest challenges in national security, health, and infrastructure. The Company’s 19,000 employees support vital missions for our government and the commercial sector, develop innovative solutions to drive better outcomes, and defend our Nation’s digital and physical infrastructure from ‘new world’ threats. Leidos is headquartered in Reston, Va. and had approximately $5.06 billion in revenues for fiscal year 2015, on a pro forma basis, following the spin-off of the company’s technical, engineering and enterprise IT business on Sept. 27, 2013.
Visit Leidos's Social Media pages:
Company Industry: Information Technology and Services
Company Type: Public Company
Company Size: 10,001+