Cyber Compliance / Inspections Analyst

Posted:
12/17/2024, 6:57:28 AM

Location(s):
Alexandria, Virginia, United States ⋅ Virginia, United States

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

The Digital Modernization sector at Leidos is seeking a Site Assistance Visit Analyst to join our team in Alexandria, VA. This is a hybrid position offering partial telework (up to 50%) after a brief ramp-up period (first 3-4 weeks spent 100% on-site).

Primary Responsibilities:

  • Conduct cybersecurity related audits, inspections, vulnerability assessments, compliance assessments, Security Readiness Review (SRR), and ensure compliance with Cyber Security Service Provider (CSSP) and Command Cyber Readiness Inspection (CCRI) evaluation criteria. 
  • Execute Site Assistance Visits (SAVs) to ensure regulatory compliance with Command Cyber Operational Readiness Inspection (CCORI), Public Key Infrastructure (PKI), North Atlantic Treaty Organization (NATO), and Balanced Survivability Assessment (BSA).
  • Track and report completion/closure of inspection findings documented in POA&Ms and other action items in the Inspection Findings Reports.
  • Identify systems and assets that are not sufficiently assessed through automated scanning or routine, periodic assessments and recommend and/or conduct customized, manual assessments of systems as required to ensure proper evaluation for compliance.
  • Track and maintain Post Inspection Finding Remediation and Plan of Actions and Milestones (POA&M) Status Report for all inspections.
  • Validate remediation of the findings or submit the artifacts or POA&Ms to the inspecting organization for approval.
  • Perform technical, operational, and non-technical CCRI evaluation areas including internal and external network infrastructure, Domain Name System (DNS), internal network vulnerability scan, wireless and mobile security, enclave security, Host Based Security System (HBSS), configuration reviews, traditional/physical security, releasable (REL) networks, database security, cross domain solutions, Voice over Internet Protocol (VoIP), Voice over Secure Internet Protocol (VoSIP), Video Teleconference (VTC), exchange services, different operating systems (specifically UNIX, Windows, Linux), web servers, REL networks and compliance directives.

Basic Qualifications:

  • Active TS/SCI
  • DoD 8570 IAT II compliant certification (e.g., Security+)
  • Bachelor's degree and 4-8 years' directly relevant experience (additional experience may be considered in lieu of degree)

About Us:

Through the Risk Management Executive (RME) Cybersecurity Task Order on our GSM-O contract, we identify, assess, and prioritize risks to DISA and DoD mission partners, as well as develop risk mitigation strategies to increase the security posture of systems, networks, programs, and data in the face of internal and external threats.  Our overall mission is to ensure DISA’s information systems, assets, and enclaves possess the necessary security measures to ensure their confidentiality, integrity, and availability as well as maintain RME’s adherence to DoD, DISA, and National Institute of Standards and Technology (NIST) approved cybersecurity and Risk Management Framework (RMF) policies, standards, and guidelines.

Original Posting Date:

2024-12-17

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$85,150.00 - $153,925.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.