Senior ISSE/Penetration Tester TS/SCI Polygraph
Leidos · Annapolis Junction, MD · 2 mo ago
On-siteInformation Technology$131k–$237k/yrFull-time
About the role
A Senior ISSE/Penetration Tester (ISSE/PT) is needed to provide support for adding new capabilities to a complex system with exacting interface, performance and security requirements. The selected individual will become part of a team of Security Engineers working on solving challenging issues on a large, significant program.
Responsibilities
- Validating and verifying system security requirements and establishing system security designs for large-scale systems, major system elements, and interfacing systems that are part of a large complex network environment with geographically distributed components.
- Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
- Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
- Assessing and mitigating system security threats and risks throughout the program life cycle.
- Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for various system and networking operations.
- Collaborating with multiple internal technical experts and communicating with Program Managers and customer POCs when necessary regarding security issues of significant importance.
- Working closely with System Engineering, Test Engineering, and Integration teams to ensure that hardware and software architectures and implementations meet security requirements.
- Analyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements.
- Evaluating security solutions to ensure they meet customer specified requirements for processing information.
- Evaluating the impact of new development on the operational security posture of the system.
- Evaluating, reviewing, and testing critical software.
- Serving as a subject matter expert in security architecture to include providing advice to Program Managers, customer technical experts, and internal program teams.
- Formulating security compliance requirements for new system features.
- Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.
- Working with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors and remediation approaches.
- Planning and conducting security verification testing of relevant type 1 devices.
- Performing internal and external pen tests against systems to determine vulnerabilities and develop mitigation strategies.
- Performing web app pen tests.
- Performing vulnerability risk assessments.
- Performing physical pen tests and security engineering analysis and assessing the vulnerabilities/solutions for the pen testing.
Requirements
- Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline, and at least 12 years of relevant experience.
- Extensive, demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
- In-depth understanding and extensive experience with security practices and policies and hands-on vulnerability testing using Tenable Nessus scanning products and/or nmap (Network Mapper).
- Experience with Defense in Depth Principals/technology, including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture, and applying risk assessment methodology to system development.
- Experience applying Risk Management Framework.
- Experience formulating and assessing IT security policy.
- Experience with secure configurations of commonly used desktop and server operating systems.
- Experience with penetration testing tools.
- Experience developing and implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
- Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass system development, design, and implementation.
- Comfortable working on multiple systems and components simultaneously in various configurations.
- Capable of performing high quality work both independently and with a team in a fast-moving environment.
- Strong verbal and written communications skills.
- Commitment to adopting and adhering to best practices.
Qualifications
- Clearance Required: Must have TS/SCI with Polygraph.
Skills
- DoD 8570 compliance with IASAE Level 2 or 3.
- Information Systems Security Engineering Professional (ISSEP) Certification and/or Computer Information Systems Security Professional (CISSP) Certification.
- Experience with scripting languages.
- Certified Ethical Hacker (CEH).
- Certified Information Security Manager (CISM).
- Certified Web Application Defender (GWEB).
- Certified Information System Security Professional (CISSP).
Benefits
At Leidos, we offer competitive benefits, including Paid Time Off, 11 paid Holidays, 401K with a 6% company match and immediate vesting, Flexible Schedules, Discounted Stock Purchase Plans, Technical Upskilling, Education and Training Support, Parental Paid Leave, and much more.