Cybersecurity Compliance & Scanning SME; USAF Cloud One

Description

Leidos was awarded the U.S. Air Force Cloud One Architecture and Common Shared Services contract and currently has an opening for the Cybersecurity Compliance & Scanning SME AWS, Azure, Google, and Oracle clouds. This is an exciting opportunity to use your experience to modernize a leading, global‑scale multi‑cloud environment in support of a critical mission, supporting USAF system resiliency, security, and cost effectiveness.

This position will be hybrid remote and may require travel to support customer or corporate meetings near Hanscom AFB (Boston, MA), Huntsville, AL or Reston, VA.

• Design, deploy, configure, operate, and maintain scanning technologies of the C1 Architecture for Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure in NIPRNet and SIPRNet.
• Serve as Subject Matter Expert (SME) for all IT stakeholders involved with system design, system builds, and Authority to Operate (ATO) efforts on cybersecurity requirements and enterprise scan tooling, to include but not limited to: the DoD ACAS Suite, Cloud Native Services, SAST/DAST, Infrastructure as Code (IaC) and SCAP.
• Provide and execute a plan for enterprise vulnerability and compliance scanning.
• Continuously monitor system resources through automated scanning and implement automated reporting feeds to support cybersecurity authorizations.
• Support Security Information and Event Management (SIEM) platform integration efforts.
• Support the cybersecurity authorizations team developing artifacts required to achieve milestones such as Interim Authority Test (IATT) and Authorization to Operate (ATO).
• Ensure compliance with SCCA, Cloud SRG, and other STIG/SRG requirements.
• Support Continuous Authorization to Operate (cATO) within a Dev Sec Ops  or cloud‑based environment, including implementation of automated control validation, continuous monitoring integration, and real‑time POA&M management.
• Create RMF‑required authorization‑related documentation and artifacts and support ATO sustainment activities for C1 and DPaaS environments.
• Conduct routine Insider Threat Assessment and document results in the Contractor’s System Security Plan.
• Verify patch compliance using the approved technical solutions and conduct remediation activities.
• Implementation of security procedures, and verify information system security requirements, including coordinating the execution, review, and disposition of STIG checklists for systems, applications, developed code and other components.
• Participate in regular briefings with the customer on cybersecurity status, including preparing briefing materials.
• Work closely with government Cyber & technical teams to support ATO conditions and requirements.
• Prepare detailed technical documentation to support development and operational processes.
• Collaborate with team members and provide mentorship to junior staff, fostering a learning environment.

• Bachelors and 8+ years of prior relevant experience or Masters with 6+ years of prior relevant experience.
• 5+ years of experience with cloud hosted systems and/or applications.
• Interim Secret clearance required to start;
  Ability to obtain Secret clearance required to maintain employment.
• US citizenship required.
• DoD ACAS Operator Course Complete.
• Certifications:
  
  CompTIA Security+ or equivalent (IAT‑2).

• Experience with USAF Cloud One or Platform 1.
• Experience with automation and creating automations for scan report data.
• Experience with Cloud Native Services related to scanning and security.
• Experience with tools like Trivy, Grype, Terrascan, Sonarqube, Burpsuite, Prisma Cloud Compute, and Splunk.
• Cloud certifications in AWS, Azure, Google, or Oracle clouds.
• Certifications:
  
  CISSP or equivalent (IAT‑3).

Pay Range $ – $

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining…