Security Engineer Security Clearance

Position: Security Engineer with Security Clearance
R
- Description The Digital Modernization Sector at Leidos currently has an opening for a Security Engineer to work in our Lorton, VA office. This is an exciting opportunity to use your experience helping the Homeland Enterprise Information Technology Secure Services & Support (HEITS) Program contracted  this mission we support the Department of Homeland Security to deliver cybersecurity and information assurance services.

Primary Responsibilities The Security Engineer – Linux / Tenable Compliance is responsible for securing and hardening enterprise Linux servers, managing Tenable vulnerability scanning platforms, and driving compliance across on-prem and cloud environments. This role sits at the intersection of operations and governance: building and maintaining secure baselines, tuning Tenable scans, interpreting results, and partnering with engineering teams to remediate findings in line with organizational policies and regulatory requirements.

The ideal candidate has strong hands-on Linux (RHEL/Ubuntu) experience, deep familiarity with Tenable.sc / Nessus, and a proven track record of supporting compliance frameworks (e.g., NIST, DISA STIGs, CIS benchmarks).Implement and maintain secure network architectures (e.g., segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.
* Administer and harden Linux servers (e.g., RHEL, Rocky, Ubuntu) including OS configuration, patching, and security baseline enforcement.
* Install, configure, and maintain Tenable platforms (Tenable.sc, Nessus, Nessus Agents, connectors) to support continuous vulnerability scanning.
* Develop and maintain scanning policies, schedules, and dashboards to provide accurate visibility into security posture.
* Analyze Tenable scan results; validate true positives vs false positives and work with system and application owners to drive timely remediation.
* Map vulnerabilities and configuration findings to relevant compliance requirements (e.g., NIST 800-53, DISA STIGs, CIS benchmarks, organizational policies).
* Support the creation and maintenance of secure configuration baselines and hardening guides for Linux servers and related middleware.
* Generate compliance and vulnerability reports for leadership, auditors, and governance teams; track remediation progress and aging.
* Collaborate with infrastructure, Dev Ops, and application teams to integrate security and compliance into change management, patch cycles, and deployment pipelines.
* Participate in security incident response activities related to Linux hosts, including log review, containment, and forensic support.
* Contribute to SOPs, playbooks, and runbooks for vulnerability management, patching, and compliance monitoring.
* Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.

Basic Qualifications
* Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field and 8+ years experience; or additional equivalent experience may be considered in lieu of a degree.
* 5–8+ years of hands-on experience administering and securing Linux systems in an enterprise environment.
* Active TS/CI government security clearance
* Direct experience with Tenable.sc and/or Nessus for vulnerability management (configuration, policy creation, agent management, reporting).
* Solid understanding of vulnerability management lifecycle: discovery, assessment, prioritization, remediation, and verification.
* Experience implementing or supporting security/compliance frameworks such as NIST 800-53, DISA STIGs, CIS benchmarks, or similar.
* Strong skills in Linux CLI, shell scripting, and basic automation (e.g., Bash, Python, Ansible) to support configuration and remediation.
* Familiarity with log management and SIEM solutions and how they integrate…