Description The Leidos HUD End User Services (EUS) Team currently has an opening for an Information System Security Risk Analyst to support the Department of Housing and Urban Development (HUD). This is an exciting opportunity to use your experience assisting with HUD's cyber security mission. In this mission, we seek to expand HUD's current IT Shared Services and to modernize and standardize the current information technology (IT) environment. Primary Responsibilities:
- Provide security vulnerability management, and policy/compliance support on HUD HITS network of 13,000 devices. Provide incident response for viruses/malicious code/breaches.
- Conduct security risk assessments and compliance on General Support Systems, utilize tools for vulnerability management, and patch management (SCCM), Intrusion Detection System (IDS). Perform daily management of IBM Site Protector Intrusion Detection System, SumoLogic audit logging collection tool, Security Center, and Nessus for scanning.
- Provide network security support for SonicWall SSL VPN appliance and ForeScout CounterACT. Ensure comprehensive device visibility and LAN device authentication.
- Weekly response and track remediation to Department of Homeland Security (DHS) for NCATS reporting.
- Write Initial Privacy Assessments (IPA), Privacy Impact Analysis (PIA) & PICLA (Civil Liberties), Privacy Threshold Analysis (PTA), and Risk Assessments.
- Produce reports for Continuous Diagnostics and Mitigation (CDM).
- Perform investigative searches in audit logs utilizing Tenable Log Correlation Engine (LCE).
- Experience in system engineering, development, and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A).
- Thorough knowledge of applicable NIST Special Publications (800-18, 800-34, 800-37 Rev. 1, 800 53\53A Rev. 5, 800-60 Rev. 1, 800-137, 800-144) and FIPS 199 and 200 as they pertain to RMF
- Develop and maintain System Security Plans (SSP) for networks and systems and conduct periodic compliance reviews of SSP.
- Thorough knowledge and daily use of Cyber Security Assessment and Management (CSAM).
- Utilize Plan of Action and Milestones (POAM) to identify and correct weaknesses in existing processes.
- Prepare status reports and coordinate remediation responses to vulnerabilities or audit result findings.
- Perform investigative searches of security relevant logs in response to incidents.
- Develop security audits for Operating System compliance against CIS and STIG benchmarks.
- Ensures a minimum of 95% Vulnerability patch compliance for systems on the customer's network.
Basic Qualifications
- Bachelor of Science Computer Network and Cybersecurity
- 10+ year(s) related experience or equivalent experience, training and/or industry security certifications. Requires deep understanding of and ability to apply principles, theories, and concepts of technical domain.
- Must possess current Housing and Urban Development (HUD) Public Trust clearance.
- Industry Cyber Security Certifications such as Information Systems Audit and Control Association Certified Information Systems Auditor (CISA), CompTIA Security +
Preferred Qualifications Ability to wo independently to achieve day-to-day objectives with significant impact on operational results or project deliverables. Responsible for entire projects or processes within a technical area.
Original Posting Date:2024-11-21
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:Pay Range $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. #Remote
|