Jobs · Information Technology · Maryland

Senior ISSE/Penetration Tester TS/SCI Polygraph

Leidos · Annapolis Junction, MD · 2 mo ago
On-siteInformation Technology$131k–$237k/yrFull-time

About the role

A Senior ISSE/Penetration Tester (ISSE/PT) is needed to provide support for adding new capabilities to a complex system with exacting interface, performance and security requirements. The selected individual will become part of a team of Security Engineers working on solving challenging issues on a large, significant program.

Responsibilities

  • Validating and verifying system security requirements and establishing system security designs for large-scale systems, major system elements, and interfacing systems that are part of a large complex network environment with geographically distributed components.
  • Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
  • Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
  • Assessing and mitigating system security threats and risks throughout the program life cycle.
  • Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for various system and networking operations.
  • Collaborating with multiple internal technical experts and communicating with Program Managers and customer POCs when necessary regarding security issues of significant importance.
  • Working closely with System Engineering, Test Engineering, and Integration teams to ensure that hardware and software architectures and implementations meet security requirements.
  • Analyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements.
  • Evaluating security solutions to ensure they meet customer specified requirements for processing information.
  • Evaluating the impact of new development on the operational security posture of the system.
  • Evaluating, reviewing, and testing critical software.
  • Serving as a subject matter expert in security architecture to include providing advice to Program Managers, customer technical experts, and internal program teams.
  • Formulating security compliance requirements for new system features.
  • Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.
  • Working with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors and remediation approaches.
  • Planning and conducting security verification testing of relevant type 1 devices.
  • Performing internal and external pen tests against systems to determine vulnerabilities and develop mitigation strategies.
  • Performing web app pen tests.
  • Performing vulnerability risk assessments.
  • Performing physical pen tests and security engineering analysis and assessing the vulnerabilities/solutions for the pen testing.

Requirements

  • Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline, and at least 12 years of relevant experience.
  • Extensive, demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
  • In-depth understanding and extensive experience with security practices and policies and hands-on vulnerability testing using Tenable Nessus scanning products and/or nmap (Network Mapper).
  • Experience with Defense in Depth Principals/technology, including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture, and applying risk assessment methodology to system development.
  • Experience applying Risk Management Framework.
  • Experience formulating and assessing IT security policy.
  • Experience with secure configurations of commonly used desktop and server operating systems.
  • Experience with penetration testing tools.
  • Experience developing and implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
  • Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass system development, design, and implementation.
  • Comfortable working on multiple systems and components simultaneously in various configurations.
  • Capable of performing high quality work both independently and with a team in a fast-moving environment.
  • Strong verbal and written communications skills.
  • Commitment to adopting and adhering to best practices.

Qualifications

  • Clearance Required: Must have TS/SCI with Polygraph.

Skills

  • DoD 8570 compliance with IASAE Level 2 or 3.
  • Information Systems Security Engineering Professional (ISSEP) Certification and/or Computer Information Systems Security Professional (CISSP) Certification.
  • Experience with scripting languages.
  • Certified Ethical Hacker (CEH).
  • Certified Information Security Manager (CISM).
  • Certified Web Application Defender (GWEB).
  • Certified Information System Security Professional (CISSP).

Benefits

At Leidos, we offer competitive benefits, including Paid Time Off, 11 paid Holidays, 401K with a 6% company match and immediate vesting, Flexible Schedules, Discounted Stock Purchase Plans, Technical Upskilling, Education and Training Support, Parental Paid Leave, and much more.

Similar jobs