Continuous Monitoring Analyst SME

Leidos•Gaithersburg, VA

About The Position

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data at scale. Leidos Digital Modernization sector is seeking an experienced SME Continuous Monitoring Analyst to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations. In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions. You will contribute directly to product planning, execution, and continuous improvement— helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success. This position offers the opportunity to work on a high- visibility, enterprise program at the intersection of data, analytics, and emerging AI technologies. Ideal candidates are motivated by mission impact, comfortable operating in complex stakeholder environments, and interested in building deep domain expertise while delivering capabilities with real-world national security outcomes.

Requirements

Top Secret with SCI eligibility security clearance
Bachelor degree in (Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering, Mathematics or Engineering) or higher from an accredited college or university OR Offerings listed in DoD 8140 Training Repository ORGCFA or GCIA
12+ years IT program/project management experience leading Continuous Monitoring and Vulnerability Management activities.
5 or more years IT program/project management experience leading Security tools such as ACAS, HBSS, Tanium, or Splunk.
Successful track record for delivering large/complex projects on time and within budget within DoD Organizations
Ability to evaluate the design and effectiveness of controls and standards to ensure compliancy in accordance with the applicable audits and inspections for an organization.
Ability to lead a fast-paced Splunk dashboard development effort
Expert level understanding of vulnerabilities/weaknesses across complex IT environments and ability to understand applicability of security standards across technologies.
Certifications in Cybersecurity like Security plus, DOD IA /IAT Level III certification
Demonstrated experience with : The planning, coordinating, scheduling, resourcing, tracking, documenting, executing and analyzing audits and inspections within an organization (Expert Level) .
Applying compliance standards to large and complex IT environments.
Communicating and coordinating at a functional and senior government.
Data analysis and developing work products to enable government risk based decisions.
The development and execution of knowledge management best practices and the automation of knowledge management frameworks in order to enhance processes and procedures related to the management of the Continuous Monitoring Program.
The development and coordination of guidance and work products related to issues tracking management, plan of actions and milestones, and ensuring transparency of vulnerabilities within an organization.

Nice To Haves

Active TS/SCI
Certifications in Cybersecurity like Security plus, DOD IA/IAT Level III certification

Responsibilities

Manages and conducts continuous monitoring of security controls, ensuring the protection of classified and unclassified data.
Implements tools and processes to track system performance, security, and compliance, including Risk Management Framework (RMF) requirements, in real time.
Coordinates with cross-functional teams (ISSO, ISSM, engineering, IT, operations) to implement and enforce security protocols and best practices.
Ensures the accreditation process for DoD systems (e.g., RMF accreditation) is completed and maintained in compliance with all applicable requirements.
Develop and maintain the ConMon Strategy
Oversee and monitor all systems (re-authorization and new systems) throughout their life cycle for changes that may impact the security posture of the system
Validate updates to the system security plans and the POA&M in the security assessment and management tool to reflect changes to the IT system
Validate that controls applicable to the automated ConMon reviews are properly implemented as part of the corresponding RMF package in eMASS .
Participate, contribute, and provide information as part of Step 0 and other steps of the RMF process and data call information and provide assistance in kickoff meetings if assessments are needed .
In support of the ConMon program, the SME shall design, develop, maintain , execute and improve a comprehensive ConMon program based on the ConMon Strategy .
Develop and maintain standard ConMon plan templates for ISs.
Collaborate with ConMon Analysts, SCRM, ZeroTrust , ISSM, DevSecOps , System Engineers, ISSOs, and S takeholders to resolve asset visibility and CCRI score issues
Ensure ConMon Deliverables are submitted on-time and with high accuracy
Communicate daily with government stakeholders about system posture, vulnerable systems
Coordinate and facilitate coordination with system administrators, ACAS administrators, HBSS administrators, etc. on issues receiving the acceptable credentialing percentages on scans, HBSS data, etc.
Support the system development lifecycle of a Governance, Risk, and Compliance (GRC) technical solution within the organization .