Leidos logo
Leidos

Leidos is an innovation company rapidly addressing the world’s most vexing challenges in national security and health.

Information System Security Officer / Information System Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteMid LevelTeam 10,001+Since 1969H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

1 day ago

Salary

$107.9K - $195.1K / year

Seniority

Mid Level

Job Description

Information System Security Officer / Information System Security Engineer

Leidos

Role Description The DoW Healthcare Management System Modernization (DHMSM) Program is looking for an experienced ISSO/ISSE to join our cyber team in support of the continued development, sustainment, and deployment of the Military Health System (MHS) GENESIS system. MHS GENESIS is deployed globally to over 3700 locations at 138 Medical Treatment Facilities (MTFs), serving 190K users, providing 1100+ clinical workflows delivering medical electronic health record (EHR) capabilities for nearly 10M beneficiaries. The ISSO supports the Cybersecurity Leads with all Risk Management Framework (RMF) Authorization and Sustainment related functions to include: - Maintaining RMF Authorizations for all assigned ATOs including any required IATT, ATO, ASR, RA and ConMon related activities. - Primary cybersecurity review of system architecture and technical artifacts (to include PPSM, diagrams, STIGs, compliance evidence, and policy documentation). - Developing, updating and working with Cybersecurity Leads and LPDH partners to ensure implementation of cybersecurity policies and procedures. - Ensuring assigned systems meet requirements to obtain required authorizations and approvals including IATT, ATO, and ASRs from the assigned Authorizing Official (AO). - Understanding all DOW and DHA RMF policies, procedures, and guidance and keeping up with all changes. - Ensuring eMASS record is maintained in accordance with DHMHSM and DHA requirements. - Assisting with the development of templates and recommending other tools to support risk management and ATO activities, as needed. - Working with CyberOps to ensure all assets are scanned properly and that any scan issues are resolved in a timely manner. - Tracking all issues. - Developing and Maintaining Plans of Action and Milestones (POA&Ms) and Risk Acceptances for all assigned ATOs. - Tracking vulnerability remediation statuses and POA&M closures on a weekly basis for metrics reporting. - Periodically evaluating the effectiveness of all Assessment Procedures for RMF security controls to ensure operational security posture is maintained. - Supporting cybersecurity compliance assessment efforts by providing systems engineering and documentation support. - Ensuring all DoW and DHA cybersecurity-related documentation is current and accessible to properly authorized individuals. - Assisting Cybersecurity Leads in ensuring the project meets identified milestones and requirements. - Contributing to the development of cyber strategies and any associated documentation. - Ensure all users have requisite security clearances and access authorization. - Provide Subject Matter Expertise for customer inquiries. Qualifications - BS degree and 8-12 years of prior relevant experience. - US Citizen with Active Secret Clearance or higher – required. - Minimum of 5 years’ hands-on experience on Defense Health Agency projects in a cybersecurity role. - DoW 8570 Certification. - Proficiency in eMASS. - Prior experience with DoW Accreditation and tools such as eMASS, ACAS, CMRS and HBSS. - Knowledge of networks, cyber defense toolsets and processes. - Strong understanding of related technologies and significant knowledge of networking technologies, operating systems, and security tools, tactics, techniques, and procedures. - Attention to detail. - Excellent written and verbal communication skills. - Experience with network and network security assessments and documenting the results using NIST SP 800-53A (Rev 5). - Strong ability to document recommendations to correct security weaknesses resulting from security assessments. - Experience developing network and network security policies and system security documentation and procedures. - Experience with DoW Information Assurance Vulnerability Management (IAVM) Program. - Experience with Cloud. - Experience with Containers. - Scripting knowledge: PowerShell, Python, Shell Scripting. Requirements - PMP Certification. - A high degree of proficiency in eMASS. - DHA A&A Experience. - Proficiency in ACAS/NESSUS, SCAP. - Experience with Cloud. - Experience with Containers. - Experience with the DoW Information Assurance Vulnerability Management (IAVM) Program. Benefits - Pay Range: $107,900.00 - $195,050.00. - The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. - Additional factors considered in extending an offer include responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Related Categories

Related Job Pages

More Security Engineer Jobs

Quantinuum logo

VP, Facilities, Security & HSE – Global

Quantinuum

We’re advancing quantum computing to solve the world’s most pressing challenges

Full TimeRemoteTeam 201-500Since 2021H1B Sponsor

• Develop and execute global facilities and real estate strategy aligned to business growth and innovation priorities. • Oversee site selection, lease negotiations, capital projects, and portfolio optimization. • Lead design, construction, and operation of complex environments including laboratories, cleanrooms, and technical facilities. • Drive cost efficiency, vendor performance, and long-term asset planning. • Ensure reliability and uptime of critical infrastructure systems (e.g., HVAC, power, specialized lab systems) • Partner with engineering and R&D teams to support advanced technical equipment and experimental environments. • Establish standards for maintenance, lifecycle management, and capacity planning. • Lead global physical and cyber security strategies, including access control, surveillance, incident response, and risk mitigation. • Protect people, intellectual property, and sensitive assets across all sites. • Coordinate with cybersecurity, legal, and compliance teams on integrated risk management. • Build and maintain a world-class HSE program ensuring compliance with all local, national, and international regulations. • Promote a proactive safety culture across laboratories, manufacturing, and office environments. • Oversee risk assessments, audits, training, and incident management. • Lead and scale a high-performing, multidisciplinary global team. • Establish policies, KPIs, and governance models for facilities, security, and safety operations. • Partner with executive leadership on risk, continuity planning, and enterprise resilience. • Manage budgets, capital investments, and vendor relationships.

United States
$344K - $412K / year
Full TimeRemoteTeam 201-500

Role Description Cybersecurity Program Management - Lead coordination efforts with Information Security and Governance Risk & Compliance (GRC) leadership to strategically plan, execute, and oversee cybersecurity initiatives, ensuring alignment with company-wide objectives and regulatory compliance. - Direct and refine ongoing continuous monitoring requirements to ensure effectiveness and audit readiness. - Help lead and participate in FedRAMP audits, driving documentation strategy, POA&M tracking, and interdepartmental reporting between vendors, internal teams, and Security leadership. - Guide the team in identifying and prioritizing improvements for NIST 800-53 control effectiveness and maturity. - Coordination of risk assessments, vulnerability management activities, and security training schedules in collaboration with key stakeholders. IT Program Management - Partner and collaborate across the organization to align on strategic objectives and shape roadmaps IT and Security navigating complex, high-impact projects, with agility to re-prioritize as needed. - Drive initiatives to streamline operational efficiency, and maximize software utilization across the enterprise. Governance, Risk, and Compliance (GRC) - Collaboration with the GRC team to ensure policies, procedures, and standards are proactively updated to maintain alignment with evolving compliance frameworks. - Facilitate security risk assessments, ensuring thorough documentation of critical risks and establishing measurable strategies to drive risk mitigation and accountability. Incident Response - Provide strategic input in incident response planning and execution, contributing to the design of response processes and assisting in escalation and resolution of security incidents as needed. Project Management - Drive delivery of complex, cross-functional projects—from requirements gathering through implementation—defining schedules, scopes, and mitigation plans for enterprise-level initiatives. - Demonstrate expert-level capability in managing multiple, concurrent initiatives with conflicting priorities and tight deadlines, ensuring alignment with organizational goals. - Optimize use of project management tools such as Jira or Notion to enhance transparency, reporting, and collaboration. Qualifications - 10+ years of progressive experience in cybersecurity, FedRAMP, or IT program management with a proven track record of leading large-scale security or compliance programs. - Demonstrated leadership in Program Management related activities, including continuous monitoring, documentation, and third-party assessments. - Deep expertise in NIST frameworks (800-53, 800-30, 800-161) with the ability to advise teams and influence policy and control implementation. - Experience overseeing multiple compliance programs (e.g., SOC 2 Type 2, HIPAA, SOX ITGC) and ensuring cross-functional coordination for audit readiness. - Strong executive communication skills with the ability to present complex security topics to both technical and non-technical audiences. - Advanced problem-solving, strategic thinking, and decision-making abilities in complex IT environments. - U.S. citizenship required due to federal compliance. - Must meet identification verification requirements prior to start. - Demonstrated ability to thrive in high-pressure, fast-paced environments while managing competing priorities. - Open to Remote candidates. Preferred - Industry-recognized certifications such as CISA, CISSP, or PMP. - Experience with security and monitoring tools such as Jira, Splunk, Tenable, and Trend Micro. - Strong knowledge of cloud architectures, especially AWS and associated services. Compensation Range $144,000 — $195,000 USD A candidate’s final salary offer will be based on their skills, education, work location and experience, and thus it may differ from the posted range. Compensation may also include bonuses consistent with Ceribell’s corporate compensation plan. Note, the above description is not all-encompassing and Ceribell reserves the right to change or modify job duties and assignments at any time. Benefits - Performance-based incentive compensation (varies by role) - Equity opportunities - 100% Employer paid Health Benefits for Employees - 50% - 70% Employer paid Health, Dental & Vision for dependents (depending on plan selection) - 100% paid Life and Long-Term Disability Insurance - 401(k) with a generous company match - Employee Stock Purchase Plan (ESPP) with a discount - Monthly cell phone stipend - Flexible paid time off - 13 Paid Holidays + 3 Company Wellness Days - Excellent parental leave policy - Fantastic culture with tremendous career advancement opportunities - Joining a mission-minded organization! Application Deadline Ongoing Other Job Details Ceribell reports transfers of value to health care providers (HCPs) as required by federal and state transparency laws. These laws and implementing regulations require Ceribell to provide government agencies with HCPs’ names, addresses and the type of payments or other value received, generally for public disclosure. If you are an HCP and we pay or reimburse your recruiting expenses as a result of interviewing with Ceribell, your name, address and the amount of payments made may be reported to the government. Equal Opportunity Employer Ceribell is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity or expression, national origin, age, marital status, disability, veteran status or any other characteristic protected by law. Ceribell complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Ceribell is an E-Verify employer. Any applicant with a disability who requires an accommodation during the application process should contact talent@ceribell.com to request reasonable accommodation. Privacy Statement For information on how Ceribell processes personal data of job applicants, please review our Privacy Policy. Compliance Disclaimer If you believe this job posting is non-compliant, please submit a report to legal@ceribell.com. Please note that we will not respond to inquiries unrelated to job posting compliance.

United States
$144K - $195K / year
May Mobility logo

Product Cybersecurity Engineer

May Mobility

Transforming cities through autonomous technology to create a safer, greener, more accessible world.

Full TimeRemoteTeam 51-200Since 2017H1B Sponsor

• Integrate security practices — threat modeling, architecture reviews into product development workflows from requirements through release. • Provide early security input on hardware, firmware, and software design decisions, including third-party and supply chain risk considerations. • Write, review, and validate security requirements across hardware and software domains; enforce secure coding standards and perform security analysis on main compute systems. • Assist with maintaining Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) using dedicated SBOM tooling to ensure component visibility, vulnerability tracking, and supply chain transparency across products. • Apply security lenses during safety and functional assessments in collaboration with safety, systems, and software teams. • Assist in proactive vulnerability patching and support secure update strategies using product security tooling for threat modeling and risk profiling. • Conduct hazard and threat analyses (TARA/HARA) early in the architecture and development lifecycle. • Analyze and harden the security architecture of vehicle subsystems and autonomous stacks; define system- and product-level security requirements and ensure validation coverage. • Assist senior level engineers with Ethernet, in-vehicle networking, and cloud interface configuration, including port security and network segmentation. • Maintain working knowledge of R155/156, ISO 21434 and UL 4600; support internal audits, risk assessments, and compliance documentation. • Engage with Auto-ISAC to track emerging threats, attack vectors, and industry best practices. • Work across teams such as cybersecurity, hardware, and product engineering — providing architectural security design feedback. • Assist with fostering a security-first culture across the organization through integrated best practices and awareness programs. • Perform additional responsibilities as directed by your manager.

United States
$100K - $155K / year
Voyager Technologies logo

Director of Cybersecurity

Voyager Technologies

Delivering transformative, mission-critical solutions from ground to space.

Full TimeRemoteTeam 501-1,000Since 2019H1B No Sponsor

• Develop and execute Voyager's cybersecurity strategy, roadmap, governance model, and operating rhythms. • Lead enterprise security programs that protect corporate systems, engineering environments, cloud services, collaboration platforms, and regulated data. • Translate business, program, and government requirements into practical cybersecurity priorities, policies, controls, and investments. • Report security posture, risks, incidents, remediation progress, and strategic needs to the CIO and senior leadership. • Lead security monitoring, alert triage, incident response, forensics coordination, vulnerability management, threat intelligence, and remediation tracking. • Establish incident-response playbooks, tabletop exercises, escalation paths, and communication protocols for security events. • Oversee SIEM, EDR, email protection, vulnerability scanning, identity protection, logging, and related security tooling. • Partner with IT operations and networking teams to reduce attack surface, strengthen endpoint hygiene, and improve detection and response. • Serve as a security architecture leader for application, cloud, identity, network, endpoint, and collaboration initiatives. • Guide secure design for Microsoft 365, GCC High or government-cloud environments, identity platforms, endpoint management, and network segmentation. • Drive risk assessments, control design, exception management, and remediation prioritization across enterprise systems. • Evaluate emerging technologies and security products that improve Voyager's resilience, visibility, and operational effectiveness. • Partner with compliance, legal, contracts, and program teams to support CMMC, NIST SP 800-171, DFARS, ITAR/EAR, CUI, NASA, and DoD security obligations. • Ensure security controls and evidence support audit readiness, government reviews, prime contractor assessments, and proposal requirements. • Support secure handling of controlled unclassified information, export-controlled technical data, and classified-program requirements as applicable. • Coordinate cybersecurity requirements with facility security, program security, and enterprise risk stakeholders. • Build, lead, and develop cybersecurity talent, including internal staff, external partners, and managed security providers. • Manage security vendors, contracts, budgets, licensing, and technology performance. • Communicate clearly with technical teams and executive audiences, including in sensitive or time-critical situations. • Promote a security culture that is practical, mission-aware, and focused on enabling Voyager teams to move quickly and safely.

Colorado
$175K - $265K / year