Lead Security Engineer with TS/SCI Poly

Leidos•Annapolis Junction, MD

About The Position

Lead Security Engineer Leidos has a new and exciting opportunity for a Lead Security Engineer in our Intel Sector's Cyber & Analytics Business Area (CABA). Our talented team is at the forefront in Security Engineering, Computer Network Operations (CNO), Mission Software, Analytical Methods and Modeling, Signals Intelligence (SIGINT), and Cryptographic Key Management. At Leidos, we offer competitive benefits, including Paid Time Off, 11 paid Holidays, 401K with a 6% company match and immediate vesting, Flexible Schedules, Discounted Stock Purchase Plans, Technical Upskilling, Education and Training Support, Parental Paid Leave, and much more. Join us and make a difference in National Security! Job Summary Leidos is seeking a Lead Security Engineer to support a mission-critical program, offering a challenging and rewarding opportunity for a hands-on technical leader in the security domain. The selected individual will lead all security engineering efforts for a large, complex network environment with geographically distributed systems; and will manage a team of Information Systems Security Officers (ISSOs) and Information Systems Security Engineers (ISSEs), providing technical leadership and direction to meet program requirements. The selected individual will mentor the team in sound information systems security engineering practices and will be heavily involved in system testing. The selected candidate will work closely with other engineers and technical experts to enhance operational, test, integration, and development environments. Responsibilities include ensuring and maintaining Authorizations to Operate (ATOs) for all System Security Plans (SSPs), and ensuring compliance with Secure the Enterprise/Secure the Network (STE/STN) requirements.

Requirements

Master’s degree in Information Technology, Information Assurance, or related field, and at least 15 years of relevant experience. Additional experience may be substituted for a degree.
At least 10 years of experience leading large, diverse Security Engineering teams, leading ISSO and ISSE teams.
Current active CISSP certification.
Certified Scrum Master certification.
At least 5 years of experience applying Agile methodologies in security engineering projects, including Scrum or SAFe frameworks.
Extensive hands-on experience with modern security tools; hardware and software security implementation; communication protocols; encryption technologies; and web services.
Expert-level understanding of security vulnerabilities and remediation techniques, including risk assessment, risk management, and security strategy/design.
Extensive experience formulating, implementing, and assessing IT security policy.
Solid understanding of ATOs, SSPs, and STE/STN requirements.
Direct experience collaborating with software developers, software testers, and integration, deployment, and sustainment teams.
Strong communication and interpersonal skills, with a proven ability to clearly convey program requirements and system compliance challenges to multiple customer stakeholders.
Demonstrated ability to coordinate across multiple internal teams for planning and remediation activities.
Solutions-oriented team player with a high level of self-initiative.
Clearance Required: Must have TS/SCI with Polygraph.

Nice To Haves

At least twelve years of experience with defense-in-depth principals/technology (including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture) and applying risk assessment methodology to system development.
Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration tests, anti-virus planning assistance, risk analysis, and incident response.
Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration tests, anti-virus planning assistance, risk analysis, and incident response.
Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass the development, design, and implementation.

Responsibilities

Responsible for the overall security architecture, ensuring all security requirements are defined, implemented, and verified.
Serve as a security subject matter expert (SME), providing guidance and oversight for the end-to-end security architecture.
Engage with multiple system owners across multiple networks to interpret, negotiate, and refine system and security requirements.
Define and drive security strategy, including risk assessment and management, security control assessment, continuous monitoring, service design, and broader cybersecurity program support.
Identify and analyze security issues across complex, highly integrated systems and environments, and develop clear, actionable remediation recommendations.
Design, develop, and execute static and dynamic application security testing, as well as penetration testing activities.
Partner with development teams to improve understanding of vulnerabilities, attack vectors, and effective remediation techniques.
Lead and mentor a team of program security engineers in day-to-day security engineering activities.
Collaborate with the program security team to ensure STE/STN and continuous monitoring requirements are met for Test, Integration, and Development environments.
Clearly articulate program security requirements, risks, and compliance challenges to multiple customer points of contact.
Coordinate with internal cross-functional teams to plan, prioritize, and execute remediation and other security-related activities.