Security Control Assessors
Leidos is seeking multiple Security Control Assessors to support our assessment team. These positions can be based out of any of our three locations - Alexandria, VA, Fort Meade, MD, or Chambersburg, PA. These positions are primarily on-site, but light, partial telework may be available at the discretion of our customer and program management. Significant travel may be required - estimated 80% of the time.
Responsibilities:
- Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN.
- Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing.
- Adhere to policies and processes for each assessment type.
- Support assessment development and execution to ensure security expertise is properly applied.
- Coordinate logistics, test plans, and scope with the SCA Team Lead.
- Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS.
- Analyze security gaps and provide mitigation recommendations.
- Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines.
- Provide risk analysis and assessment results for authorization recommendations.
- Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R.
- If senior staff, mentor and guide personnel by providing technical expertise, best practices, and professional development support to enhance team capabilities and knowledge.
Basic Qualifications:
- Active DoD Top Secret clearance with SCI eligibility required
- Current DoD 8570 IAM II or IAT II certification
- Ability and willingness to travel for assessments as required, up to 80% of the time
- Bachelor's degree (IT-related field preferred) and five (5) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
- Three (3) years of experience in a Certification and Accreditation/A&A role
- Demonstrated experience with STIGs, SRGs, POA&Ms and cybersecurity best practices, as well as relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
- Strong understanding of the RMF process, NIST SP 800-37, NIST SP 800-53, and CNSSI 1253, as well as key technology areas/domains such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications
- Strong written and verbal communication skills for reporting assessment findings
Pay Range: $67,600.00 - $122,200.00