Cybersecurity Specialist - Junior
Leidos · Reston, VA
- On site
- Full-time
- $70,000 / year
- Reston, VA
Job highlights
- Support cybersecurity operations and security posture enhancement.
- Implement security controls for mission systems.
- Collaborate with multidisciplinary technical teams.
- Ensure compliance with federal cybersecurity requirements.
- Contribute to DevSecOps lifecycle security strategies.
About the role
Job Summary
Leidos is seeking a Junior Cybersecurity Specialist to support its Intel Security Sector. This role focuses on implementing and maintaining security operations, including logging, monitoring, alert management, incident response, vulnerability management, and configuration management. The specialist will collaborate with multidisciplinary teams to enhance the security posture of mission systems and ensure compliance with cybersecurity requirements throughout the DevSecOps lifecycle.
Responsibilities
- Support the secure architecture, design, and implementation of DoD systems in accordance with DoDI 8510.01, NIST SP 800-53, and other DoD security guidance.
- Lead the integration of RMF activities into the system development lifecycle (SDLC), including selecting, implementing, and validating security controls.
- Develop and maintain key security documentation such as System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and Plan of Action and Milestones (POA&Ms).
- Collaborate with ISSOs, ISSMs, developers, and system owners to ensure systems are developed and maintained with approved security configurations.
- Apply Security Technical Implementation Guides (STIGs) to systems and validate compliance using tools such as SCAP, STIG Viewer, and ACAS.
- Apply security patching.
- Maintain application, network, and database scanning infrastructure (application/product updates, database maintenance, benchmark/audit files, application/server builds, rule pack/content updates, scanner, or agent deployment etc.).
- Analyze vulnerability scans and ensure timely mitigation or acceptance of risks based on DoD policies.
- Provide technical input to support and maintain system authorization.
- Participate in system reviews, architecture assessments, and engineering design reviews to embed cybersecurity from the outset.
- Develop and implement automation or security tools to improve the compliance and monitoring of systems.
- Support security incident response and forensics analysis in coordination with ISSMs and Security points of contact.
Clearance Requirements
Active TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.
Required Experience, Skills, And Education
- Bachelors degree and less than 2 years of experience. Entry-level Cybersecurity experience including internships. Additional years of experience in lieu of degree are accepted.
- Experience with reviewing cybersecurity vulnerabilities for risk and relevance as well as in vulnerability mitigations/remediation planning, for identified systems, network, application and database vulnerabilities and applying security patching.
- Active TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.
- Due to the nature of the government contracts we support, US Citizenship is required.
- Understanding of Microsoft Windows and/or Linux/UNIX operating systems.
- Experience with middleware / web technologies (Apache, tomcat, IIS, etc.).
- Experience with Databases (Postgres, MS SQL, MySQL, ElasticSearch, etc.).
- Understanding of TCP/IP networking.
- Experience with Continuous Integration and Continuous Delivery Platforms (Jenkins, Bamboo, GitlabCI TFS, etc.).
- Familiar with NIST 800-171, 800-172, NIST SSDF, and CMMC requirements.
- Experience supporting DoD/IC systems through the entire Risk Management Framework Plus (RMF) process.
- Experience with System Security Engineering management processes to integrate security and privacy controls into complex hardware and software systems.
- Experience developing and reviewing security concept of operations, systems security plans, security risk assessments, contingency plans, configuration management plans.
- Experience with incident response plans, plan of actions and milestones, risk management plans, and vulnerability management plans.
- Strong communication skills; able to successfully communicate with management personnel, technical personnel and third parties.
Preferred Experience, Skills, And Education
- Bachelor’s degree in Computer Science, Data Science, Engineering, Information Systems, or related technical discipline. An additional 4 years of experience may be substituted in lieu of degree.
- Three years of experience in the field with at least a portion of the experience within the last two years.
- Software development/coding experience with programming languages such as Python, Java, and React.
- Successfully achieved ATO under RMF+.
- Experience with big data applications.
- Experience with tools for ticketing and documentation (e.g., Gitlab, Jira, Confluence).
- Experience working in an Agile environment.
- Experience with OIDC or Oauth2.
Key Skills/Competency
- Cybersecurity
- Risk Management Framework (RMF)
- Vulnerability Management
- Incident Response
- Security Logging
- Security Monitoring
- Compliance
- STIGs
- NIST
- DevSecOps
Skills & topics
- Cybersecurity Specialist
- Junior Cybersecurity
- Cybersecurity
- Information Security
- RMF
- NIST
- STIGs
- Vulnerability Management
- Incident Response
- DoD Security
- TS/SCI
- DevSecOps
- Security Operations
- Compliance
- Leidos
How to get hired
- Tailor your resume: Highlight relevant cybersecurity experience, internships, and knowledge of DoD/IC systems and RMF.
- Showcase technical skills: Emphasize experience with operating systems, middleware, databases, networking, and CI/CD platforms.
- Address clearance requirements: Clearly state your active TS/SCI clearance and willingness to obtain polygraph.
- Demonstrate communication: Prepare examples of how you've communicated technical information to various audiences.
- Research Leidos: Understand their mission, values, and commitment to cybersecurity and government solutions.
Technical preparation
Familiarize yourself with NIST SP 800-53 and RMF.,Practice applying STIGs and analyzing scan results.,Understand Windows/Linux OS and networking basics.,Learn about CI/CD platforms like Jenkins or GitLab.
Behavioral questions
Describe a time you identified a security vulnerability.,How have you collaborated with technical teams?,Explain a complex security concept simply.,How do you manage competing priorities in security?
Frequently asked questions
- What is the career outlook for a Junior Cybersecurity Specialist at Leidos?
- The career outlook for a Junior Cybersecurity Specialist at Leidos is strong, given the company's focus on government and defense contracts that require robust cybersecurity measures. Leidos emphasizes professional growth, offering opportunities to advance within the Intel Security Sector and gain experience across various cybersecurity domains.
- What specific cybersecurity frameworks and standards are most important for this role at Leidos?
- This role at Leidos heavily emphasizes adherence to DoD and federal cybersecurity standards. Key frameworks and standards include DoDI 8510.01, NIST SP 800-53, NIST 800-171, NIST 800-172, NIST SSDF, CMMC, and the Risk Management Framework (RMF) process. Familiarity with Security Technical Implementation Guides (STIGs) is also crucial.
- Does Leidos offer training or support for obtaining a TS/SCI with Polygraph clearance?
- While the job description requires an active TS/SCI clearance with the ability to obtain a polygraph, companies like Leidos often support employees in maintaining and upgrading their security clearances as needed for specific contracts. It's advisable to inquire about specific support during the application or interview process.
- What kind of collaboration can I expect as a Junior Cybersecurity Specialist at Leidos?
- As a Junior Cybersecurity Specialist at Leidos, you will collaborate closely with multidisciplinary teams, including Information Systems Security Engineers (ISSEs), Information Systems Security Managers (ISSMs), software developers, and systems engineers. You'll also work with ISSOs, system owners, and other security points of contact.
- How does Leidos approach cybersecurity within the DevSecOps lifecycle?
- Leidos integrates cybersecurity throughout the DevSecOps lifecycle by assisting in developing, implementing, and maintaining robust security strategies. This includes embedding cybersecurity from the outset of system design and development, ensuring continuous monitoring, and automating security processes to protect mission-critical systems and data.
- What are the primary responsibilities for a Junior Cybersecurity Specialist at Leidos regarding vulnerability management?
- The primary responsibilities include analyzing vulnerability scans, ensuring timely mitigation or risk acceptance based on DoD policies, and applying security patching. You will also maintain scanning infrastructure and review cybersecurity vulnerabilities for risk and relevance.