Cyber Analyst - ConMon

Overview

Leidos is seeking multiple Con Mon Analysts to oversee and monitor authorized IT systems (re-authorization and new systems) throughout their lifecycle for security posture impact. These positions can be based out of any of our three locations - Alexandria, VA, Fort Meade, MD, or Chambersburg, PA.

These positions are primarily on-site, but some partial telework may be available at the discretion of our customer and program management. Maximum starting salary for these positions is $70,000/year for Level I and $92,000/year for Level II. The requirements for each level are listed in the Basic Qualifications section below.

• Analyze proposed or actual system changes to determine security impact, and assess security controls and their effectiveness.
• Utilize Qmulos, Splunk, ACAS, Axonius, Check Mark, BURP, and ESS to assess, validate, and monitor enterprise and system-level security controls.
• Develop and maintain the DISA RE5 Con Mon Strategy to support the A&A mission.
• Create and update the DISA RE5 Con Mon SOP, outlining required activities and artifacts that include the oversight and monitoring of IT systems throughout their lifecycle.
• Conduct continuous assessments of security controls, perform automated/manual security control monitoring of information systems and provide IS / Security Control Status Reports based on live data from security monitoring tools.
• Ensure ongoing assessments are in compliance with industry auditor standards to monitor security, vulnerabilities, and threats.
• Ensure Con Mon-related controls are properly implemented in RMF packages within eMASS.
• Report system risk status using the DISA-approved reporting tool.
• Maintain the Con Mon Dashboard, tracking compliance, POA&M status, CMRS visibility, asset management, FISMA reviews, and annual validations.
• Track automated and manual security controls, identifying overdue assessments and validations.
• Coordinate with System, ACAS, and HBSS/ESS Administrators to resolve credentialing and data issues.
• Provide real-time security status metrics based on the Con Mon Strategy and SOP and alert Leidos and government leadership of security posture changes with negative impact.

Come break things (in a good way). Then build them smarter.

• Active DoD Top Secret clearance with SCI eligibility required
• Current DoD 8570 IAM II or IAT II certification
• Proficiency in one or more of the following tools:
  Qmulos, Splunk, ACAS, Axonius, Check Mark, BURP, and HBSS
• Understanding of the RMF process, NIST SP 800-37, NIST SP 800-53, CNSSI 1253
• VMP experience
• Strong communication, presentation, and customer service skills
• Education and experience as required per job level:
• Level I:
  Bachelor s degree (IT-related field preferred) and three (3) years of overall experience in cybersecurity or network security position. Additional relevant experience may be considered in lieu of degree. Understanding of security architecture, system hardening, vulnerability management, and intrusion detection/prevention.
• Level II
  :
  Bachelor s degree (IT-related field preferred) and five (5) years of overall experience in cybersecurity or network security position. Additional relevant experience may be considered in lieu of degree. Experience in developing, implementing, and conducting a continuous monitoring program for a large organization. Demonstrated proficiency in security architecture, system hardening, vulnerability management, and intrusion detection/prevention.

We are Leidos. We solve high-stakes problems with code, caffeine, and a healthy disregard for “how it’s always been done.”

Pay Range: $67,600.00 - $