Junior Cybersecurity Risk Management Analyst

Description

Leidos has an immediate opening for an entry-level Cybersecurity Risk Management Analyst to join our Corporate Information Security Group.

In this role, you will perform cyber risk assessments on enterprise environments, suppliers, and software to identify cybersecurity risks, provide remediation recommendations and facilitate risk treatment. In addition, you will participate in software supply chain risk analysis and static code security scan evaluation. You will lead cyber projects, as well as collaborate closely with business stakeholders, supplier contacts, and other IT service teams on documentation, POAMs, network security design, implementation, threat mitigation. You will provide risk management decisions with regards to company solutions, policies, and security practices.

Primary Responsibilities

• Independently and collaboratively conduct cybersecurity assessments of suppliers and environments according to prescribed evaluation criteria and/or policies/regulations and deliver within established timeframes
• Provide security profiling analysis for a wide range of network security technologies including, but not limited to: IPS/IDS, NAC, VPN, proxies, routers, and switches
• Communicate internally and externally with stakeholders regarding risk reviews, both written and verbal, and work extensively with cross-functional teams
• Identify, assess, and manage complex IT environment risks and provide threat profiles and security recommendations for complex IT environments & sourcing decisions
• Independently review and analyze third party COTS and Open-Source code/software for enterprise risk, performing Static Code Analysis scans and analysis and investigating code vulnerabilities
• Participate in risk management efforts and present written and verbal risk guidance for enterprise activities to stakeholders
• Produce quality cybersecurity risk assessment reports as well as internal risk management procedure documentation

Basic Qualifications

• US Citizenship is required and eligible for federal security clearance
• Bachelor of Science degree in an Information Technology or Cyber Security major (in lieu of bachelor’s degree, 4 years of work experience in a cyber security role and professional cyber certifications may be considered to meet time requirements)
• Experience with scripting and programming
• Knowledge of network security as well as ability to read network security diagrams and data flow charts
• Understanding of critical thinking to solve complex technical problems and devise innovative solutions
• Excellent project and time management skills
• Experience and ability to work well in a remote role/team
• Demonstrated excellent verbal and written communication skills

Preferred Qualifications

• Knowledge of federal standards such as NIST SP 800-53, NIST SP 800-171, NIST SP 800-37, NIST SP 800-60, and FIPS 199/200
• Understanding of reviewing third party supplier security controls, including cloud SaaS, IaaS, and PaaS providers
• Understanding of risk management lifecycle and methodologies
• Relevant Professional Security Industry Certifications such as Security+ through accrediting bodies such as the DoD, ISC2, ISACA, SANS or Comp TIA
• Understanding of the security implications of firewall, router, proxy and intelligent switch rule base configuration settings as well as the provisioning, deployment, configuration, and/or administration of enterprise network security solutions and devices
• Expertise running and analyzing static application security tests and detecting, prioritizing, and remediating open-source risks
• Experience in software engineering and secure software development

Pay Range

Pay Range $53,300.00 - $82,000.00 - $110,700.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote