Responsibilities/Expectations: 

• Maintain compliance of the IGC program utilizing Risk Management Framework (RMF) in accordance with National Institute of Standards and Technology Special Publication 800-37 (NIST SP 800-37)
• Access the Information Assurance Support Environment (IASE) Security Technical Implementation Guide) STIG repository to download, benchmarks, STIGs and tools
• Utilize the STIG Viewer to create checklists, analyze vulnerabilities, determine findings and prepare remediation and mitigation strategies for RMF Continuous Monitoring requirements
• Review weekly USCYBERCOM Information Assurance Vulnerability Alerts and Bulletins (IAVAs and IAVBs) for applicable vulnerabilities
• Submit weekly Information Assurance Vulnerability Management (IAVM) reports and prepare IAVM and non-IAVM patch packages for manual patch application by system administrators
• Analyze Assured Compliance Assessment Solution (ACAS) scans using the Enterprise Security Posture System (ESPS) and report IAVM and non-IAVM vulnerabilities to system administrators to ensure systems are patched prior to remediation due dates
• Maintain quarterly RMF STIG Plan of Action and Mitigation (POA&M) and weekly IAVA POA&M
• Install Microfocus Fortify Scan Engine/Rulepack updates to Clearcase. 
• Scan/Analyze IGC code utilizing Microfocus Fortify and collaborate with customer/developers to mitigate/remediate security findings
• Prepare and deliver IGC releases for Government security approval
• Prepare and update RMF documentation as part of Continuous Monitoring
• Develop metrics for measuring and improving the effectiveness of the IGC security plan
• Manage secure systems and security containers in a classified environment
• Communicate directly with military, other contractors, and U.S. Government personnel; therefore, requires excellent oral and written communication skills
• Prepare and lead weekly Information Assurance meeting
• Collaborate with developers and engineers to advise on secure system configurations
• Provide Vulnerability Assessments with recommended mitigation/remediation steps 
• Additional duties may include supporting Technical Writing, Systems Analyst/Administration, Tier2 Help Desk, Test Engineering, Development
• Tailor Leidos Engineering procedures to meet program requirements and standards.  
• Support proposal efforts and other tasks, as required

Required Qualifications/Education/Experience

•    B.S. in Cyber Security, Computer Science, Information Technology, or related field and 4 – 8 years of prior relevant experience or Masters with 2 – 6 years of prior relevant experience or 12+ years’ of experience in lieu of degree

•    Must hold current DoD-8570 IASE Level 2 baseline certification (CISSP, CISSP-Associate, CSSLP, or CASP+ CE)

•    Experience with Risk Management Framework (RMF)

•    Demonstrated hands-on experience with vulnerability scanning solutions

•    Demonstrated hands-on experience with the DOD Information Assurance Vulnerability Management program

•    Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, defense-in-depth and common security elements

•    Experience with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security

•    Knowledge of Department of Defense (DoD) 8500 series instructions, Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS) guidelines and (NIST) 800 series to ensure compliance of deployed and local infrastructure assets

Required Security Clearance:  Secret