Risk Management Framework / Information Assurance Analyst Lead

Leidos is seeking an RMF/Information Assurance Engineer to support large-scale migration and operations on a large, high-profile DOD contract. The I3TS program provides enterprise-wide IT support to enable DTRA’s Information Management & Technology Directorate (ITD) to consolidate, modernize, and continuously innovate the delivery of IT services and mission capabilities to DTRA’s internal and external mission partners operating in CONUS and OCONUS locations.

Primary Responsibilities

• Assist the DTRA ISSM(s) by proactively tracking and reporting cybersecurity and RMF activity timelines, ensuring that all NIPR and SIPR RMF Packages are accurately maintained.

• Populate and regularly update RMF packages within DTRA's instances of the DoD Enterprise Mission Assurance Support Service (eMASS) and the Intelligence Community's Xacta system for IT systems, networks, and other assets requiring package preparation.

• Lead the creation and maintenance of cybersecurity operations-related Policies and Procedures, Administrative Guides, Plans, and Technical Documentation.

• Provide cybersecurity technical support and subject matter expertise to DTRA's cybersecurity and risk management leadership, delivering senior-level briefings as necessary.

• Offer security guidance throughout system lifecycles in collaboration with engineers, administrators, and software developers.

• Prepare impact and risk assessment reports on residual risks, including identifying false positives and nonapplicable findings, for use by DTRA's cybersecurity and risk management leadership. This includes security compliance reports, STIG reports, compliance status briefings, and security/risk test artifacts.

• Assist in the selection, configuration, operation, and reporting of vulnerability assessment and container-based security testing tools.

• Support cybersecurity and risk management workflow actions and change request tickets within DTRA's change management system, including reviewing, approving, or addressing risk management aspects of change requests.

• Ensure compliance with and support DTRA's supply chain risk management, foreign ownership and controlling interest, and review requirements for commercial, third-party, and open-source software.

• Lead security and compliance scanning of IT assets, including the delivery of scan reports.

• Help DTRA ISSM cybersecurity and RMF support teams respond to Cyber Task Orders, IA Directives, task responses, vulnerability discoveries, and ad-hoc vulnerability scanning requirements.

• Provide technical guidance to engineers, software developers, and system administrators to support vulnerability remediation, STIG compliance, patching, and code security measures required to achieve compliance.

• Validate the effectiveness of bug fixes, patches, and other remediation activities identified during previous test activities, providing evidential artifacts when needed to support IV&V, RMF, Cyber Task Orders, and other processes.

• Review and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization (Certification/Accreditation) activities.

Basic Qualifications

• BS degree with 12+ years’ experience or 16+ years of IA experience without a degree.

• Current DoD 8570 baseline certification for IAM III

• Expert in Risk Management Framework (RMF), NIST, ICD, and CNSS standards.

• Expert with with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management

• STIG compliance, SCC and STIG Viewer experience, and ACAS expertise.

• Expert with Microsoft Windows, Linux, and system virtualization in a secure network environment.

• Must be able to work in a constantly changing regulatory environment with short-, mid-, and long-term timelines for remediating any non-compliance

• Must be able to work well within a team environment and able to adapt quickly to change

• Good writing and verbal presentation skills

• Active DoD Top Secret Clearance with eligibility to obtain an SCI

Preferred Qualifications

• Past or current ISSM/ISSO experience

• Security+ or CISSP

• GCIH a plus

• DoD IS knowledge and experience

• Background or understanding of System Security Plans (SSP)

• Security hardening scripting/automation experience

• Microsoft OS Certification (MCSE Win 7 or other)

• Linux certification (RHCSA, CompTIA Linux, LCFS/LCFE, etc.)

Original Posting:

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.