Leidos · 8 hours ago
Information Systems Security Risk Analyst
Computer · Government
Actively Hiring · No H1B
Responsibilities
Provide security vulnerability management and policy/compliance support on the HUD HITS network of 13,000 devices. Provide incident response for viruses/malicious code/breaches.
Conduct security risk assessments and compliance on General Support Systems; utilize tools for vulnerability management, patch management (SCCM), and Intrusion Detection System (IDS). Perform daily management of IBM Site Protector Intrusion Detection System, SumoLogic audit logging collection tool, Security Center, and Nessus for scanning.
Provide network security support for SonicWall SSL VPN appliance and ForeScout CounterACT. Ensure comprehensive device visibility and LAN device authentication.
Provide weekly responses and track remediation to the Department of Homeland Security (DHS) for NCATS reporting.
Write Initial Privacy Assessments (IPA), Privacy Impact Analysis (PIA) & PICLA (Civil Liberties), Privacy Threshold Analysis (PTA), and Risk Assessments.
Produce reports for Continuous Diagnostics and Mitigation (CDM).
Perform investigative searches in audit logs utilizing Tenable Log Correlation Engine (LCE).
Experience in system engineering, development, and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A).
Thorough knowledge of applicable NIST Special Publications (800-18, 800-34, 800-37 Rev. 1, 800-53/53A Rev. 5, 800-60 Rev. 1, 800-137, 800-144) and FIPS 199 and 200 as they pertain to RMF.
Develop and maintain System Security Plans (SSP) for networks and systems and conduct periodic compliance reviews of SSP.
Thorough knowledge and daily use of Cyber Security Assessment and Management (CSAM).
Utilize Plan of Action and Milestones (POAM) to identify and correct weaknesses in existing processes.
Prepare status reports and coordinate remediation responses to vulnerabilities or audit result findings.
Perform investigative searches of security relevant logs in response to incidents.
Develop security audits for Operating System compliance against CIS and STIG benchmarks.
Ensure a minimum of 95% vulnerability patch compliance for systems on the customer's network.
Qualification
Required
Bachelor of Science Computer Network and Cybersecurity
10+ year(s) related experience or equivalent experience, training and/or industry security certifications.
Requires deep understanding of and ability to apply principles, theories, and concepts of technical domain.
Must possess current Housing and Urban Development (HUD) Public Trust clearance.
Industry Cyber Security Certifications such as Information Systems Audit and Control Association Certified Information Systems Auditor (CISA), CompTIA Security+.
Preferred
Ability to work independently to achieve day-to-day objectives with significant impact on operational results or project deliverables.
Responsible for entire projects or processes within a technical area.
Company
Leidos
Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health.
Funding
Current Stage: Public Company
Total Funding: unknown
IPO: 2013-09-17
Company data provided by crunchbase