Offres d'emploi

Description

Leidos' Corporate Information Security Office, reporting through the Digital Sector, is seeking an Alternate Information Systems Security Manager (Alt. ISSM) in our San Diego, CA Campus Point office.

In this role, you will oversee several DCSA-approved Collateral Information Systems and maintain accreditation throughout the system lifecycle. You will serve as the Information Assurance (IA) Subject Matter Expert (SME), providing technical leadership and security oversight for collateral enclaves across the enterprise, with demonstrated expertise in SIPRNet environments and requirements. To be successful in this role, you will have a proven track record supporting and leading successful CORA / CCRI inspections, ensuring compliance with DoD, DCSA, and applicable cybersecurity policies and directives. Additionally, you will oversee day-to-day information system security operations; manage collateral IA and IT personnel; resolve complex cybersecurity challenges; and develop innovative solutions to meet evolving security requirements. Ideally, you will demonstrate the ability to successfully work independently and collaboratively with analysts, information technology management and staff, site leadership, and external stakeholders to ensure mission success and regulatory compliance.

Primary Responsibilities

This role may include a combination of duties to protect information and maintain security controls for an entire system, site, or program to reduce risk.

• Develop and lead Information Security projects from concept through deployment, implementation, and user acceptance.

• Support and maintain SIPRNet environments, ensuring compliance with DoD, NISPOM, DAAG, and organizational cybersecurity requirements through continuous monitoring, risk management, and security operations.

• Conduct vulnerability assessments and remediation activities, including STIG implementation, vulnerability analysis, POA&M management, and timely correction of security findings to maintain system accreditation and compliance.

• Conduct vulnerability assessments and remediation efforts, including STIG implementation, vulnerability analysis, POA&M tracking, and timely correction of security findings to maintain system accreditation and compliance.

• Develop and deliver cybersecurity, information assurance, and incident response training programs; create training materials, procedures, and technical instruction to promote security awareness and workforce readiness.

• Implement and manage RMF Continuous Monitoring activities, utilizing automated tools and ticketing systems to track security controls, vulnerabilities, corrective actions, and compliance status.

• Maintain and update system authorization packages and supporting documentation, including SSPs, CONOPS, POA&Ms, security control evidence, continuous monitoring artifacts, and other Assessment and Authorization (A&A) documentation.

• Develop and maintain Configuration Management procedures for security-relevant hardware, software, and firmware; facilitate CCB meetings, assess security impacts of proposed changes, and document approvals and implementation evidence.

• Ensure information systems are operated, maintained, and disposed of in accordance with approved authorization packages, customer requirements, and applicable security policies.

• Evaluate proposed system changes and advise program and site leadership on security implications, risks, and required mitigations.

• Participate in risk management activities, security assessments, audits, and inspections; conduct risk assessments and coordinate corrective actions to address identified findings.

• Lead investigations of cybersecurity incidents and security violations, coordinate reporting requirements, and ensure appropriate containment, remediation, recovery, and corrective actions are implemented.

• Partner with the Facility Security Officer (FSO) and program leadership to develop, implement, and manage the Information Systems Security Program.

• Develop, implement, enforce, and continuously improve information security policies, procedures, and operational practices.

Basic Qualifications

• An active DoD Secret clearance is required for consideration; you must also be eligible to obtain Top Secret clearance following hire.

• Bachelor’s degree in an IT-related subject matter area from an accredited college or university and 8+ years of experience in being in an operational cyber security-specific role (e.g., information system security manager, information system security officer, cyber security specialist) or have 12+ years of experience in an IT related position with at least 10 of those years in an operational cyber security specific role.

• At least 10 years of IA Cyber management experience.

• DoD 8570 IAM Level III certified (CISSP or equivalent)

• Experience serving as a SIPRNet SME and supporting successful CORA and/or CCRI inspections in a lead or key contributor role.

• Detailed understanding of the Risk Management Framework (RMF), National Institute of Standards and Technology (NIST), and Committee on National Security Systems (CNSS) cyber security requirements and guidance, cybersecurity-related risk management techniques.

• Working knowledge in maintaining compliance with National Industrial Security Program Operating Manual (NISPOM) and DCSA Assessment and Authorization Process Manual (DAAPM) / DCSA Assessment and Authorization Guide (DAAG) security requirements for classified information systems.

• Familiarity with network technologies (LAN & WAN) and best practices within a classified environment, including crypto and key management.

• Working knowledge of Microsoft Windows (workstation & server) and Linux operating systems in a secure network environment.

• Experience with compliance and vulnerability scanning tools (e.g., Tenable, Splunk, ACAS, STIG Viewer).

• Experience with workflow, documentation, and configuration/change management tools (e.g., JIRA, Confluence, eMASS).

• Must be able to work in a constantly changing regulatory environment with short-, mid-and long-term timelines for remediating any non-compliance.

• Must work well within a team environment and adapt quickly to change.

• Excellent verbal and written communication skills.

Preferred Qualifications

• Proficient in using Microsoft Windows and Linux operating systems and cloud computing.

• Experience with developing policies, procedures, and guidance, including providing artifacts for the RMF process.

• Experience using JIRA ticking and confluence.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at LeidosCareersFraud@leidos.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.