System Security Manager
Description Leidos is a Fortune 500(TM) company aimed at embracing and solving some of the world's most pressing challenges.
Through science and technology, Leidos makes the world safer, healthier, and more efficient.
Our Civil Group offers an array of exciting career opportunities for the best IT, energy, logistics, and engineering professionals.
Driven by our talented workforce, the Federal Energy, Environment, and Commerce Operation builds trust through an array of energy-related IT, environmental science, and engineering solutions to meet our customers' needs.
Key Capabilities:
Large InfrastructureMission SupportDigital ModernizationCommand & ControlMission ApplicationsEnvironmental ScienceNuclear SecurityEngineering ServicesRequired Security Clearance:
Candidate must be able to obtain and maintain a DOE Q Clearance.
This position is contingent upon clearance verification and program/customer concurrence.
Responsibilities:
Support the Cyber Security and Information Technology programs, reporting to the Information System Security Manager (ISSM) and IT Director.
Operate as the Subject Matter Expert (SME) within the Information Assurance technical domain.
Ability to work independently and collaboratively with IT and Cyber professionals.
Develop, review, and oversee the implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security across the organization's information systems.
Maintain a deep understanding of relevant government regulations related to information system security and ensure organizational compliance with Department of Energy mandates.
This includes keeping up to date with future modifications to these regulations.
Lead efforts in identifying, analyzing, and mitigating potential security risks in accordance with government regulations.
Attend, plan, coordinate, and conduct internal and external audits or assessments to ensure continued compliance with established security policies and regulations.
Address any identified issues such as opportunities for improvement (OFIs) or non-conformities (NCs) in a timely and comprehensive manner.
Supervise the activities of Cyber Security Analysts and the Cyber Operations Group Lead.
Offer guidance and support to ensure effective security measures are in place and are executed according to site policies and regulations.
Coordinate the response to any security incidents, working closely with the Cyber Security team to investigate, document, and report incidents, while also making recommendations for future risk mitigation.
Coordinate with relevant departments to develop and deliver information security training and awareness programs to ensure staff are aware of their responsibilities and can act in a manner that minimizes risk to the organization.
Regularly report to senior management about the status of the organization's security posture, regulatory compliance status, audit findings, and any other security-related issues and plans.
Regularly review and recommend improvements to the organization's security policies, processes, and practices based on changes in the threat landscape, technology landscape, or business requirements.
Evaluate the security controls of third-party vendors and manage the risk associated with third-party relationships.
Ensure contractual security requirements are being met by vendors.
Accountabilities:
Communication Skills:
The candidate should have demonstrated leadership qualities, strong verbal/written communication skills, communicate clearly at both one-on-one and group levels, communicate with team leaders, managers, and internal employees in the decision-making process to obtain needed information, make the most appropriate decisions, and ensure buy-in and understanding of resulting decisions.
Task Management Skills:
The candidate is expected to proactively determine project or assignment requirements by breaking them down into tasks and identifying types of equipment, and materials needed.
The candidate consistently and proactively identifies more critical and less critical activities and assignments and effectively adjusts priorities when appropriate.
Team Coordination Skills:
The candidate is expected to set high expectations for oneself, and has the courage to raise the bar continuously.
The candidate holds oneself and others accountable for continuous improvement and communicates expectations directly, openly, and effectively.
The candidate conveys a sense of purpose and mission that motivates others, maintains direction, and balances big-picture concerns with day-to-day issues.
The candidate guides others in creating relevant options for addressing problems/opportunities and achieving desired outcomes.
Base of Knowledge Skills:
The candidate must have complete knowledge of verification, validation, certification, and qualification processes and procedures, including knowledge of current governing regulations and compliance requirements; advanced level of understanding and proficiency in the use of networking computing hardware and software applications; extensive knowledge of processes and tools needed to maintain, archive, and retrieve digital files; as it relates to cybersecurity, ability to read and understand contracts, Statements of Work.
Minimum Certifications, Education, and
Experience:
Bachelor's degree from an IT or Cyber related subject matter area from an accredited college or university, and 4
years of experience in an IT-related position with at least 2 years being in an operational cyber security-specific role (e.
g.
, information system security officer, cyber security analyst) or;Associate's degree from an IT or Cyber related subject matter area from an accredited college or university and 6
years of experience in an IT-related position with at least four years being in an operational cyber security-specific role (e.
g.
, information system security officer, cyber security analyst) or;High School diploma/equivalent with at least 8 years of IT/Cyber experience.
Possess a Cyber centric certification such as a Security+, CISM, or CISSP.
Preferred Experience and
Qualifications:
Experience or knowledge of U.
S.
Department of Energy (DOE) directives, or similar U.
S.
State or Federal departmental agency policies, and procedures pertaining to sensitive information, computing, cybersecurity, information technology, etc.
Experience with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 or Revision 5Demonstrated success in achieving project completion in a timely manner.
This includes having effective project management skills and correctly assessing the time required to carry out given tasks.
Experience using Cyber Security relevant tools, systems, and applications to include but not limited to Governance Risk and Compliance (GRC) applications, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
Possess a Cyber Security application or vendor-specific certification associated with any number of the types of relevant tools previously listed.
Possess an intermediate to expert level Cyber centric industry certification such as a CYSA+, CASP+, OSCP, GCIH, CISA, CISM, or CISSP.
Operating System experience to include a fundamental understanding of common security best practices or industry standard baselines such as those developed by the Center for Information Security (CIS) or the Defense Information Systems Agency (DISA).
Experience using Cyber Security relevant tools, systems, and applications to include but not limited to:
Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
Demonstrated knowledge of standard IT processes and tools that are used to maintain, archive, sanitize, and retrieve digital files.
NOTE:
Must be a U.
S.
Citizen and eligible for a DOE Security Clearance Job Travel Requirement:
Able and willing to travel onsite to the Portsmouth location for onsite ICS (Industrial Control Systems) related requirements in Portsmouth.
Potential for Telework:
Yes, preference is roughly 40% remote and 60% on-site, negotiablePay Range:
Pay Range $78,000.
00 - $120,000.
00 - $162,000.
00The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary.
Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Recommended Skills Application Security Open Web Application Security Penetration Testing Identity Management Federal Information Processing Standards (Fips) Federal Information Security Management Act Estimated Salary: $20 to $28 per hour based on qualifications.
Through science and technology, Leidos makes the world safer, healthier, and more efficient.
Our Civil Group offers an array of exciting career opportunities for the best IT, energy, logistics, and engineering professionals.
Driven by our talented workforce, the Federal Energy, Environment, and Commerce Operation builds trust through an array of energy-related IT, environmental science, and engineering solutions to meet our customers' needs.
Key Capabilities:
Large InfrastructureMission SupportDigital ModernizationCommand & ControlMission ApplicationsEnvironmental ScienceNuclear SecurityEngineering ServicesRequired Security Clearance:
Candidate must be able to obtain and maintain a DOE Q Clearance.
This position is contingent upon clearance verification and program/customer concurrence.
Responsibilities:
Support the Cyber Security and Information Technology programs, reporting to the Information System Security Manager (ISSM) and IT Director.
Operate as the Subject Matter Expert (SME) within the Information Assurance technical domain.
Ability to work independently and collaboratively with IT and Cyber professionals.
Develop, review, and oversee the implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security across the organization's information systems.
Maintain a deep understanding of relevant government regulations related to information system security and ensure organizational compliance with Department of Energy mandates.
This includes keeping up to date with future modifications to these regulations.
Lead efforts in identifying, analyzing, and mitigating potential security risks in accordance with government regulations.
Attend, plan, coordinate, and conduct internal and external audits or assessments to ensure continued compliance with established security policies and regulations.
Address any identified issues such as opportunities for improvement (OFIs) or non-conformities (NCs) in a timely and comprehensive manner.
Supervise the activities of Cyber Security Analysts and the Cyber Operations Group Lead.
Offer guidance and support to ensure effective security measures are in place and are executed according to site policies and regulations.
Coordinate the response to any security incidents, working closely with the Cyber Security team to investigate, document, and report incidents, while also making recommendations for future risk mitigation.
Coordinate with relevant departments to develop and deliver information security training and awareness programs to ensure staff are aware of their responsibilities and can act in a manner that minimizes risk to the organization.
Regularly report to senior management about the status of the organization's security posture, regulatory compliance status, audit findings, and any other security-related issues and plans.
Regularly review and recommend improvements to the organization's security policies, processes, and practices based on changes in the threat landscape, technology landscape, or business requirements.
Evaluate the security controls of third-party vendors and manage the risk associated with third-party relationships.
Ensure contractual security requirements are being met by vendors.
Accountabilities:
Communication Skills:
The candidate should have demonstrated leadership qualities, strong verbal/written communication skills, communicate clearly at both one-on-one and group levels, communicate with team leaders, managers, and internal employees in the decision-making process to obtain needed information, make the most appropriate decisions, and ensure buy-in and understanding of resulting decisions.
Task Management Skills:
The candidate is expected to proactively determine project or assignment requirements by breaking them down into tasks and identifying types of equipment, and materials needed.
The candidate consistently and proactively identifies more critical and less critical activities and assignments and effectively adjusts priorities when appropriate.
Team Coordination Skills:
The candidate is expected to set high expectations for oneself, and has the courage to raise the bar continuously.
The candidate holds oneself and others accountable for continuous improvement and communicates expectations directly, openly, and effectively.
The candidate conveys a sense of purpose and mission that motivates others, maintains direction, and balances big-picture concerns with day-to-day issues.
The candidate guides others in creating relevant options for addressing problems/opportunities and achieving desired outcomes.
Base of Knowledge Skills:
The candidate must have complete knowledge of verification, validation, certification, and qualification processes and procedures, including knowledge of current governing regulations and compliance requirements; advanced level of understanding and proficiency in the use of networking computing hardware and software applications; extensive knowledge of processes and tools needed to maintain, archive, and retrieve digital files; as it relates to cybersecurity, ability to read and understand contracts, Statements of Work.
Minimum Certifications, Education, and
Experience:
Bachelor's degree from an IT or Cyber related subject matter area from an accredited college or university, and 4
years of experience in an IT-related position with at least 2 years being in an operational cyber security-specific role (e.
g.
, information system security officer, cyber security analyst) or;Associate's degree from an IT or Cyber related subject matter area from an accredited college or university and 6
years of experience in an IT-related position with at least four years being in an operational cyber security-specific role (e.
g.
, information system security officer, cyber security analyst) or;High School diploma/equivalent with at least 8 years of IT/Cyber experience.
Possess a Cyber centric certification such as a Security+, CISM, or CISSP.
Preferred Experience and
Qualifications:
Experience or knowledge of U.
S.
Department of Energy (DOE) directives, or similar U.
S.
State or Federal departmental agency policies, and procedures pertaining to sensitive information, computing, cybersecurity, information technology, etc.
Experience with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 or Revision 5Demonstrated success in achieving project completion in a timely manner.
This includes having effective project management skills and correctly assessing the time required to carry out given tasks.
Experience using Cyber Security relevant tools, systems, and applications to include but not limited to Governance Risk and Compliance (GRC) applications, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
Possess a Cyber Security application or vendor-specific certification associated with any number of the types of relevant tools previously listed.
Possess an intermediate to expert level Cyber centric industry certification such as a CYSA+, CASP+, OSCP, GCIH, CISA, CISM, or CISSP.
Operating System experience to include a fundamental understanding of common security best practices or industry standard baselines such as those developed by the Center for Information Security (CIS) or the Defense Information Systems Agency (DISA).
Experience using Cyber Security relevant tools, systems, and applications to include but not limited to:
Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
Demonstrated knowledge of standard IT processes and tools that are used to maintain, archive, sanitize, and retrieve digital files.
NOTE:
Must be a U.
S.
Citizen and eligible for a DOE Security Clearance Job Travel Requirement:
Able and willing to travel onsite to the Portsmouth location for onsite ICS (Industrial Control Systems) related requirements in Portsmouth.
Potential for Telework:
Yes, preference is roughly 40% remote and 60% on-site, negotiablePay Range:
Pay Range $78,000.
00 - $120,000.
00 - $162,000.
00The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary.
Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Recommended Skills Application Security Open Web Application Security Penetration Testing Identity Management Federal Information Processing Standards (Fips) Federal Information Security Management Act Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
