Information Assurance Lead

Lead Information Assurance

Leidos is seeking a highly qualified candidate for the Lead Information Assurance position for the Integrated Defensive Cyber Systems Contract. The ideal candidate will have experience with the DoD Assessment & Authorization (A&A) system, RMF Packages, STIGs and ACAS. This position is located near Lackland Air Force Base; all work is onsite.

• Serve as the IA lead and primary point of contact for system owners, developers, ISSOs, ISSMs, and government stakeholders on all cybersecurity compliance matters.
• Create and maintain processes and procedures for use by members of the ISSO team.
• Support the ISSO Team Lead in conducting lessons learned activities to improve the overall productivity and efficiency of the ISSO team.
• Lead all phases of the Risk Management Framework (RMF) process, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Develop, maintain, and submit complete security authorization packages (System Security Plans, POA&Ms, SARs, etc.) for systems seeking Authority to Operate (ATO).
• Ensure security controls (NIST 800-53) are correctly implemented and documented. Coordinate assessments with Security Control Assessors (SCAs) to validate compliance.
• Establish and manage continuous monitoring strategies, including vulnerability scanning, audit log reviews, and control revalidation.
• Interpret and enforce DoD, DISA, and NIST cybersecurity policies, ensuring system compliance with STIGs, SRGs, and other applicable mandates.
• Oversee routine security scans using tools like ACAS (Tenable.sc/Nessus), SCAP Compliance Checker, and HBSS. Manage findings and coordinate remediation.
• Collaborate with cybersecurity operations teams in the development and testing of incident response plans and provide technical support during incidents.
• Prepare security status reports, metrics dashboards, and briefings for leadership.
• Guide systems through the A&A process to obtain or maintain ATOs in accordance with DoD RMF, component-specific requirements, and document in eMASS.
• Support internal and external audits, including CCRI (Command Cyber Readiness Inspections), by ensuring systems are audit-ready and documentation is current.
• Develop and update Assessment & Authorization (A&A) documentation (Body of Evidence) for management and continuous monitoring of information systems.
• Maintain 800-53 Control Statues and keep STIGs updated in eMASS.

• University degree and 12+ years of prior relevant experience, or additional years of experience accepted in lieu of a degree.
• DoD 8570/8140 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC.
• Minimum of 3 years of experience performing vulnerability scans using Assured Compliance Assessment Solution (ACAS) and STIG assessment tools such as Evaluate-STIG or SCAP.
• Familiarity and experience with the Department of Defense (DoD) and tools, systems, and reporting mechanisms and requirements for certification and accreditation (C&A).
• Experience developing and reviewing security concept of operations, systems security plans, security risk assessments, plan of action and milestones (POA&M), contingency plans, configuration management plans and processing artifacts in XACTA or eMASS.
• Must possess an active Secret clearance and the ability to obtain TS/SCI clearance is required to be considered.

• CISSP
• USAF cybersecurity experience or DoD equivalent.
• TS/SCI

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.