Information System Security Engineer (ISSE)

Description

Leidos is seeking an Information System Security Engineer (ISSE) to collaborate with the Information System Security Manager (ISSM) serving as a subject matter expert in advanced technical principles, theories, and concepts in Security Engineering, including operations, engineering, technical and program management support services, and RMF/ATO compliance to support cyber-related operations.

Duties will include: 

• Under the direction and guidance of the ISSM, capture and refine information security requirements and ensure their integration into information technology components and information systems through purposeful security design and configuration. 
• Perform vulnerability assessments to determine weaknesses and exploit methods in systems/networks utilizing approved COTS and GOTS tools, in conjunction with security testing methodologies and frameworks to assess threats against information and system/networks and recommend appropriate countermeasures for continued mission assurance. 
• Perform cybersecurity analysis, identification, and remediation of complex cybersecurity compliance requirements on IT systems and applications to include: Microsoft Windows and RHEL family of servers, workstations operating systems. RDBMS such as SQL and PostgreSQL, XML, and JSON-based semi-structured technologies. Web-Server and web application technologies (e.g., MS IIS, Apache/Tomcat, SharePoint). Virtualization technologies such as VMware and VDI infrastructures. Network infrastructure components such as switches, firewalls, vSANs, and thin client hardware. 
• Provide remediation recommendations and mitigating strategies for vulnerabilities discovered and maintain in-depth knowledge of STIG/SRGs, technologies such as Tenable Nessus, SCAP compliance tools like EvaluateSTIG and other automated tools that assist with the assessment of security controls and the presentation of security assessment results. 
• In coordination with change management processes, remediate, apply, and/or mitigate vulnerabilities to systems and system components through the application of security updates, patches, fixes, and/or secure configurations. 
• Support the creation, development, and documentation of cybersecurity processes and procedures supporting Authorization to Operate (ATO) packages and, as needed, to mature the program’s cybersecurity posture. 
• Experience with eMASS to manage ATO package 
• Prepare and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports, and Plans of Action and Milestones (POA&Ms).    
• Install, configure and manage Trellix products. 
• Create, tune, and enforce security policies through the ePO console to meet company security standards and compliance requirements. 
• Troubleshoot Splunk issues between server and forwarder, create custom dashboards and implement best practices. 
• Administer, configure, and maintain the Tenable Security Center.   
• Review ACAS results and remediate appropriately. 

Basic Qualifications:

• US Citizen with at least an active DoD Secret clearance and the ability to maintain that clearance during your employment.
• Bachelor’s degree in a related field and 8+ years of experience or a masters degree and 6+ years of experience. Additional experience may be considered in lieu of a degree.
• Compliant with DoD 8140 requirements. 
• DoD Risk Management Framework (RMF), especially in supporting Step 6.   
• System/software design, enterprise architecture security, integration, testing, system administration, application administration, training, deployment, and O&M. 
• Design, develop, and use host-based and network-based scanning tools. 
• Security Content Automated Protocol (SCAP) based tools and specifications. 
• Install, configure, test, deploy, and O&M of Enterprise-wide network-based cybersecurity tools (e.g., Trellix ESS, ACAS, Splunk, etc.) to support compliance testing and continuous monitoring. 
• Supporting security engineering practices in the System/Software Development Life Cycle (SDLC) Process; General knowledge of the DoD and secure Information/LAN/WAN technologies. 
• Hardening modern operating systems (OS) (i.e., RHEL, Microsoft Windows) and applications using Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and/or industry best practices and documenting results on requisite checklists. 
• Compiling and providing metrics to program management as needed. 
• Presenting technical information to non-technical stakeholders. 

Preferred Qualifications:

Experience in the following: 

• Working experience with programming or scripting languages. 
• Working experience with Trellix. 
• Experience working in a DoD environment with the ability to adapt and rapidly meet changing deadlines and obligations.  
• Leading or mentoring junior members of a team. 
• Project Management experience in an agile scrum environment. 
• CASP+/SecurityX or CISSP certification 

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at LeidosCareersFraud@leidos.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.

#Featuredjob