Cybersecurity Authorization Services RMF SME

Posted:
8/15/2024, 9:21:05 AM

Location(s):
Wildschönau, Tyrol, Austria ⋅ Tyrol, Austria

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Remote

More About the Role:
Leidos is seeking a Cybersecurity Authorization Services (Cyber IA) Risk Management Framework Subject Matter Expert to support the Service Management, Integration, and Transport (SMIT) contract, the largest IT services program for the Navy. Under SMIT, the Leidos team delivers the core backbone of the Navy-Marine Corps Intranet (NMCI), including areas such as cybersecurity services, network operations, service desk, voice & video, messaging & mobility, and data transport. The Leidos team supports the Navy in unifying its shore-based networks and data management to improve capability and service while also striving for cost efficiencies and savings by focusing efforts under one enterprise network. The successful candidate will support the engineering (planning, designing, and implementing) for cyber services for the NMCI.

As a senior leader within the SMIT Engineering organization, the successful candidate will also be responsible for the Cybersecurity Authorization Services, Solution Information Security System Engineering (ISSE) services execution, ensuring systems are maintained per security policies and procedures, and maintaining compliance and ongoing reporting to senior SMIT leadership (Leidos and Navy).

•Lead and drive enterprise-wide activities involving both NMCI Engineering and Operations to elevate, develop, maintain and restore security compliance in a timely manner to meet ATO timelines and requirements.
•Effectively and proactively manage cross-organization dependencies necessary for the successful implementation of RMF for solution delivery and Cybersecurity Authorization services.
•Work with project managers to determine schedules, identify risk, and ensure accurate reporting of status to program leadership and the government Cyber leadership team.
•Manage the day-to-day activities of RMF ATO and ASR security control management services.
•Lead and participate in regular briefings with the customer on cybersecurity status, including preparing briefing materials.
    -Author, review, coordinate and submit cybersecurity authorization required artifacts in eMASS (including change requests) to achieve milestones such as Interim Authority to Test (IATT) and Authorization to Operate (ATO) in accordance with the project and program level schedules.
    -Develop and maintain system security documentation, including drafting, reviewing, editing and recommending guidance for Standard Operating Procedures (SOP), Tactics, Techniques, & Procedures (TTP), Plan of Action and Milestones (POA&M) and Federal Information Security Management Act (FISMA) Score Card.
    -Evaluate software and hardware during pre-acquisition phases to determine its ability to meet minimum security requirements based on NIST SP 800-53 Rev4 security controls.
    -Comply with current Cybersecurity and IA manuals, instructions, and guides within the DoDI 8500.01 and DON 5239.
•Work closely with government Cyber leadership team to support ATO and ASR conditions and requirements.
•Participate in strategic network, security, and operations new technology planning.

What You'll Get to Do:
•Serve as a primary interface for the customer and Leidos program leadership to answer questions, address concerns, and provide status/updates around solution ISSE activities.
•Serve as a primary interface for the A&A team for senior program leadership and internal project managers, driving the teams’ technical deliverables and progress.
•Oversee the Solution ISSE team enterprise-wide activities to create/maintain the necessary RMF packages for Authorization as required by existing solutions or what is planned for implementation.
•Oversee the planning of upgrades, replacements, configuration changes, and other applicable changes regarding impacts to ATO validation efforts.
•Review Statement of Objectives (SOOs) and develop Basis of Estimates (BOEs) for cyber service Solution ISSE areas.
•Lead analysis, review, and validation with customers, stakeholders, and team members for NMCI projects and changes related to cyber Solution ISSE services.
•Comply with ITSM processes and procedures, Model Based Systems Engineering (MBSE) governance, and Cybersecurity requirements within the DoDI 8500.01 and DON 5239.
•Develop and maintain processes, checklists, and procedures necessary to support cyber authorization Solution ISSE services.
•Perform manager functions such as department meetings, performance management, timecard approvals, one-on-ones, training, etc., to provide employees with appropriate Leidos management/oversight.
•Manage subcontractor activities and plans for any subcontracted workload.

You'll Bring These Qualifications:
•Typically requires a BA/BS Degree or equivalent experience and 12-15 years of prior relevant experience or Masters with 10-13 years of prior relevant experience (in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or related discipline from an accredited college or university). Generally, has 4+ years of experience supervising or leading teams or projects.
•Eight (8) or more years’ experience on programs and contracts of similar scope, type, and complexity.
•Must be a U.S. Citizen and possess an active Secret clearance to start the program.
•Technical knowledge and skills in one of the following areas: cybersecurity assessment, vulnerability scanning, integration and testing, data analytics or security operations.
•In-depth knowledge of cybersecurity assessment and authorization (A&A) ISSE services and associated processes, procedures, and activities in accordance with DoDI 8500.01, DoDI 8551.01, and other applicable NIST instructions and guidelines.
•Experience supporting the formal Cybersecurity/IA testing required by government authorization authorities and preparing System Security Plans.
•Technical understanding of supporting security initiatives, conducting security monitoring, reporting and maintaining security compliance following security regulations and policies.
•Experience with Security Engineering and Architecture, Certification and Accreditation, Vulnerability Assessment, Incident Management, Vulnerability Management, Security Operations, and Policy and Program Development.
•Experience managing direct employees and overseeing subcontractors and demonstrated ability to form/lead high performing IA teams and program IA efforts.
•Motivated self-starter with ability to lead and work in a matrix organization and communicate effectively with peers, subordinates and program leadership.
•Ability to drive team performance as well as employee culture change and transformation including driving continuously improved service delivery.
•Ability to multi-task, self-assign work in a dynamic, fast-paced environment.
•Exceptional communication abilities, both verbal and written, including business writing on complex topics.
•Lead cybersecurity tasks and collaborate with customers, stakeholders, and team members.
•Experience and ability to successfully negotiate and influence others to understand and accept new concepts, practices and approaches.
•Strong analytical, communication and troubleshooting skills that enable proactive and effective collaboration with a virtual team, including the ability to clearly articulate status and present to both customers and program leadership.
•Mentor and review the work of junior team members.
•Possesses broad knowledge base with key IT technologies, system engineering, IT processes and lifecycle methodologies, technical project execution and management, and IT modernization and transformation.
•Travel may be required.

These Qualifications Would be Nice to Have:
•Hold an active security certification that meets DOD 8570 IAT level III, such as CISSP.
•Prior experience managing remote employees and teleworkers.
•Prior experience with Navy customer and mission partner set.
•Certifications:
    -CISSP.
    -ITIL.
    -PMP.
    -Navy Qualified Validator certification a plus.

Original Posting Date:

2024-08-15

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$122,200.00 - $220,900.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Leidos

Website: https://www.leidos.com/

Headquarter Location: Reston, Virginia, United States

Employee Count: 10001+

Year Founded: 1969

IPO Status: Public

Industries: Computer ⋅ Government ⋅ Information Services ⋅ Information Technology ⋅ National Security ⋅ Software