Information Systems Security Risk Analyst @ Leidos | Jobright.ai
JOBSarrow
RecommendedLiked
0
Applied
0
External
0
Information Systems Security Risk Analyst jobs in United States
Be an early applicantLess than 25 applicants
company-logo

Leidos · 14 hours ago

Information Systems Security Risk Analyst

ftfMaximize your interview chances
ComputerGovernment
check
Actively Hiring
badNo H1Bnote

Insider Connection @Leidos

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Provide security vulnerability management, and policy/compliance support on HUD HITS network of 13,000 devices. Provide incident response for viruses/malicious code/breaches.
Conduct security risk assessments and compliance on General Support Systems, utilize tools for vulnerability management, and patch management (SCCM), Intrusion Detection System (IDS). Perform daily management of IBM Site Protector Intrusion Detection System, SumoLogic audit logging collection tool, Security Center, and Nessus for scanning.
Provide network security support for SonicWall SSL VPN appliance and ForeScout CounterACT. Ensure comprehensive device visibility and LAN device authentication.
Weekly response and track remediation to Department of Homeland Security (DHS) for NCATS reporting.
Write Initial Privacy Assessments (IPA), Privacy Impact Analysis (PIA) & PICLA (Civil Liberties), Privacy Threshold Analysis (PTA), and Risk Assessments.
Produce reports for Continuous Diagnostics and Mitigation (CDM).
Perform investigative searches in audit logs utilizing Tenable Log Correlation Engine (LCE).
Experience in system engineering, development, and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A).
Thorough knowledge of applicable NIST Special Publications (800-18, 800-34, 800-37 Rev. 1, 800 53\53A Rev. 5, 800-60 Rev. 1, 800-137, 800-144) and FIPS 199 and 200 as they pertain to RMF
Develop and maintain System Security Plans (SSP) for networks and systems and conduct periodic compliance reviews of SSP.
Thorough knowledge and daily use of Cyber Security Assessment and Management (CSAM).
Utilize Plan of Action and Milestones (POAM) to identify and correct weaknesses in existing processes.
Prepare status reports and coordinate remediation responses to vulnerabilities or audit result findings.
Perform investigative searches of security relevant logs in response to incidents.
Develop security audits for Operating System compliance against CIS and STIG benchmarks.
Ensures a minimum of 95% Vulnerability patch compliance for systems on the customer's network.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cyber SecurityRisk Management Framework (RMF)Incident ResponseSecurity Vulnerability ManagementNetwork SecurityNIST Special PublicationsSystem Security Plans (SSP)Cyber Security AssessmentManagement (CSAM)SCCMIntrusion Detection System (IDS)IBM Site ProtectorSumoLogicNessusSonicWall SSL VPNForeScout CounterACTTenable Log Correlation Engine (LCE)Plan of ActionMilestones (POAM)CISSTIG benchmarksInformation Systems AuditControl Association Certified Information Systems Auditor (CISA)CompTIA Security +

Required

Bachelor of Science Computer Network and Cybersecurity
10+ year(s) related experience or equivalent experience, training and/or industry security certifications.
Requires deep understanding of and ability to apply principles, theories, and concepts of technical domain.
Must possess current Housing and Urban Development (HUD) Public Trust clearance.
Industry Cyber Security Certifications such as Information Systems Audit and Control Association Certified Information Systems Auditor (CISA), CompTIA Security +
Provide security vulnerability management, and policy/compliance support on HUD HITS network of 13,000 devices.
Provide incident response for viruses/malicious code/breaches.
Conduct security risk assessments and compliance on General Support Systems.
Utilize tools for vulnerability management, and patch management (SCCM), Intrusion Detection System (IDS).
Perform daily management of IBM Site Protector Intrusion Detection System, SumoLogic audit logging collection tool, Security Center, and Nessus for scanning.
Provide network security support for SonicWall SSL VPN appliance and ForeScout CounterACT.
Ensure comprehensive device visibility and LAN device authentication.
Weekly response and track remediation to Department of Homeland Security (DHS) for NCATS reporting.
Write Initial Privacy Assessments (IPA), Privacy Impact Analysis (PIA) & PICLA (Civil Liberties), Privacy Threshold Analysis (PTA), and Risk Assessments.
Produce reports for Continuous Diagnostics and Mitigation (CDM).
Perform investigative searches in audit logs utilizing Tenable Log Correlation Engine (LCE).
Experience in system engineering, development, and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A).
Thorough knowledge of applicable NIST Special Publications (800-18, 800-34, 800-37 Rev. 1, 800 53\53A Rev. 5, 800-60 Rev. 1, 800-137, 800-144) and FIPS 199 and 200 as they pertain to RMF.
Develop and maintain System Security Plans (SSP) for networks and systems and conduct periodic compliance reviews of SSP.
Thorough knowledge and daily use of Cyber Security Assessment and Management (CSAM).
Utilize Plan of Action and Milestones (POAM) to identify and correct weaknesses in existing processes.
Prepare status reports and coordinate remediation responses to vulnerabilities or audit result findings.
Perform investigative searches of security relevant logs in response to incidents.
Develop security audits for Operating System compliance against CIS and STIG benchmarks.
Ensures a minimum of 95% Vulnerability patch compliance for systems on the customer's network.

Preferred

Ability to work independently to achieve day-to-day objectives with significant impact on operational results or project deliverables.
Responsible for entire projects or processes within a technical area.

Company

Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health.

Funding

Current Stage
Public Company
Total Funding
unknown
2013-09-17IPO· undefined

Leadership Team

leader-logo
Kirk Smedley
Chief Technology Officer, Spatial Solutions
linkedin
leader-logo
Amy Smith
Senior Vice President, Government Affairs
linkedin
Company data provided by crunchbase
logo

Orion

Your AI Copilot