Overview
Remote
USD 144,300.00 - 260,850.00 per year
Full Time
Skills
Agile
Security audit
IT management
Continuous improvement
Evaluation
ISO/IEC 27001:2005
Collaboration
Knowledge transfer
Computer science
Information management
Information Technology
Communication
Planning
IT infrastructure
NIST SP 800 Series
Security controls
Risk assessment
Security analysis
Nessus
Qualys
Splunk
RSA
EMC RSA Archer
Management
Linux
Metasploit
Burp suite
Nmap
Penetration testing
Documentation
Risk management
Mentorship
Training
Professional development
NOC
Systems architecture
Cloud architecture
Service delivery
Critical thinking
FOCUS
Roadmaps
Regulatory Compliance
FISMA
FedRAMP
Cloud security
Cloud computing
Amazon Web Services
Microsoft Azure
Google Cloud
Google Cloud Platform
Security operations
Incident management
Cyber security
Network
Operations
Data
Presentations
Auditing
Leadership
CISSP
CISM
Market analysis
Law
Job Details
At Leidos, we help our customers execute programs for the world's most critical missions. We respond to challenges and deliver next generation of agile, cohesive solutions for today's rapidly changing environment. Leidos is seeking a highly skilled Lead Cybersecurity Auditor/Assessor to join the Defensive Cyber Operations team within our Digital Modernization Sector. This position will be responsible for leading and executing comprehensive security audits and assessments of IT systems, networks, applications, and processes, ensuring compliance with industry standards, regulations, and best practices. You will be responsible for planning and executing complex audits, evaluating security controls, identifying vulnerabilities, and providing actionable recommendations to improve the organization's security posture. As the technical lead, you will work closely with IT teams, Compliance officers, and senior management to communicate findings, develop recommendation strategies, and ensure alignment with organizational goals.
This role requires a strong bled of technical expertise and leadership skills, as you will guide and mentor junior auditors, manage assessment teams, and refine audit methodology for consistent evaluations. The ideal candidate will have a proactive approach to identifying and mitigating risks, staying updated on emerging threats and security advancements. Your work will be instrumental in driving continuous improvement across the organization's cybersecurity risk management processes, enhancing bot resilience and compliance.
Primary Responsibilities
Leading the planning, execution, and management of cybersecurity audits and assessments, ensuring thorough evaluation of IT systems, networks, applications, and processes.
Evaluating security controls against frameworks such as NIST CSF, NIST SP 800-53, ISO27001, and other relevant standards and regulations, ensuring compliance and risk management.
Analyzing vulnerabilities, identifying risk, and provide actionable recommendations for risk mitigation and improving security posture.
Conduct red team and penetration testing to identify vulnerabilities across IT systems, networks, and applications, simulating adversarial techniques to evaluate defense.
Collaborate with necessary parties to identify gaps, verify remediation efforts, and enhance security controls and processes.
Develop and maintain audit/assessment documentation, including work instructions, reports, and findings, ensuring accuracy and completeness.
Provide technical guidance, training, and mentorship to junior cybersecurity auditors/assessors, fostering skill development and knowledge transfer.
Coordinate with stakeholders to ensure a clear communication of audit results, risk assessments, improvement plans, and technical roadmaps.
Stay updated on evolving cybersecurity threats, regulatory requirements, and best practices to ensure assessments are current and effective
Contribute to the development and enhancement of audit/assessment methodologies, tools, and processes.
Basic Qualifications
Master's degree and 15+ years experience in Computer Science (CS), Information Management (IM), Information Technology, or Engineering relevant technical experience. Additional experience may be substituted for a degree.
Excellent written and verbal communication and interpersonal skills with all levels of stakeholders
Proven experience leading cybersecurity audit/assessment projects, including the planning, execution, and management of complex assessments of IT infrastructure, networks, cloud environments and applications.
Strong working knowledge of cybersecurity frameworks and standards such as NIST CSF, NIST SP 800 Series, CIS Controls, federal regulations and mandates, with hands-n experience in applying these standards to assess security control implementation and compliance.
Experience in conducting risk assessments, penetration testing, and vulnerability assessments, as well as analyzing and documenting findings for technical and non-technical audiences.
Demonstrated experience using security assessment tools (e.g., Nessus, Qualys, Burp Suite,) and compliance tools (e.g., Splunk, RSA Archer, Rapid 7) to identify security gaps and evaluate risk management controls.
Experience collaborating with cross-functional teams, including IT, compliance, cybersecurity, and management, to prioritize risks, develop remediation plans, and support security improvement initiatives.
Demonstrated understanding of adversary tactics, techniques, and procedures (TTPs), including the ability to simulate advanced persistent threats (ATPs) and conduct multi-stage attack chains.
Proficiency with industry-standard tools such as Kali Linux, Metasploit, Burp Suite, Nmap, Cobalt Strike, or similar for executing penetration test and red team exercise.
Strong background in creating detailed audit reports, workpapers, and documentation that comply with audit standards and provide actionable recommendation on risk mitigation.
Experience in mentoring and training junior team members, fostering professional development and enhancing team effectiveness.
Demonstrated ability to work in a customer environment collaboratively through constraints to meet mission milestones.
Breadth of experience and/or expertise in Wide Area Networks, Zero Trust, Cyber Security Incident Handling and Countermeasures, NOC Operations, System Architecture, Cloud Architecture, Service Delivery, and 'as a Service' models.
Must have proven track record of critical thinking and developing creative problem and hard problem solutions with a focus on outcome-based delivery of meaningful innovations.
Experience with large programs and performing technology assessments and creating capability roadmaps.
Self-motivated and focused on delivering outcomes with the ability to work independently and in teams.
Preferred Qualifications
Experience in government, federal or regulated industry environments, with an understanding of specific compliance requirements (e.g., FISMA, FedRAMP, CMMC).
Familiarity with cloud security audits and assessments, specifically in cloud platforms like AWS, Azure, or Google Cloud, including evaluating controls and configurations.
Prior experience working is Security Operations Centers (SOCs) or with incident response teams, contributing to cybersecurity investigations and responses.
Experience with Network Operation Center, Defensive Cyber Operations, and Data Center operational processes.
Experience in presenting audit results to executive leadership, boards, or government stakeholders with the ability to effectively convey complex technical concepts in a clear and concise manner.
CISSP, CISM or equivalent industry recognized certification.
Original Posting Date:
2024-10-23
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $144,300.00 - $260,850.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
This role requires a strong bled of technical expertise and leadership skills, as you will guide and mentor junior auditors, manage assessment teams, and refine audit methodology for consistent evaluations. The ideal candidate will have a proactive approach to identifying and mitigating risks, staying updated on emerging threats and security advancements. Your work will be instrumental in driving continuous improvement across the organization's cybersecurity risk management processes, enhancing bot resilience and compliance.
Primary Responsibilities
Leading the planning, execution, and management of cybersecurity audits and assessments, ensuring thorough evaluation of IT systems, networks, applications, and processes.
Evaluating security controls against frameworks such as NIST CSF, NIST SP 800-53, ISO27001, and other relevant standards and regulations, ensuring compliance and risk management.
Analyzing vulnerabilities, identifying risk, and provide actionable recommendations for risk mitigation and improving security posture.
Conduct red team and penetration testing to identify vulnerabilities across IT systems, networks, and applications, simulating adversarial techniques to evaluate defense.
Collaborate with necessary parties to identify gaps, verify remediation efforts, and enhance security controls and processes.
Develop and maintain audit/assessment documentation, including work instructions, reports, and findings, ensuring accuracy and completeness.
Provide technical guidance, training, and mentorship to junior cybersecurity auditors/assessors, fostering skill development and knowledge transfer.
Coordinate with stakeholders to ensure a clear communication of audit results, risk assessments, improvement plans, and technical roadmaps.
Stay updated on evolving cybersecurity threats, regulatory requirements, and best practices to ensure assessments are current and effective
Contribute to the development and enhancement of audit/assessment methodologies, tools, and processes.
Basic Qualifications
Master's degree and 15+ years experience in Computer Science (CS), Information Management (IM), Information Technology, or Engineering relevant technical experience. Additional experience may be substituted for a degree.
Excellent written and verbal communication and interpersonal skills with all levels of stakeholders
Proven experience leading cybersecurity audit/assessment projects, including the planning, execution, and management of complex assessments of IT infrastructure, networks, cloud environments and applications.
Strong working knowledge of cybersecurity frameworks and standards such as NIST CSF, NIST SP 800 Series, CIS Controls, federal regulations and mandates, with hands-n experience in applying these standards to assess security control implementation and compliance.
Experience in conducting risk assessments, penetration testing, and vulnerability assessments, as well as analyzing and documenting findings for technical and non-technical audiences.
Demonstrated experience using security assessment tools (e.g., Nessus, Qualys, Burp Suite,) and compliance tools (e.g., Splunk, RSA Archer, Rapid 7) to identify security gaps and evaluate risk management controls.
Experience collaborating with cross-functional teams, including IT, compliance, cybersecurity, and management, to prioritize risks, develop remediation plans, and support security improvement initiatives.
Demonstrated understanding of adversary tactics, techniques, and procedures (TTPs), including the ability to simulate advanced persistent threats (ATPs) and conduct multi-stage attack chains.
Proficiency with industry-standard tools such as Kali Linux, Metasploit, Burp Suite, Nmap, Cobalt Strike, or similar for executing penetration test and red team exercise.
Strong background in creating detailed audit reports, workpapers, and documentation that comply with audit standards and provide actionable recommendation on risk mitigation.
Experience in mentoring and training junior team members, fostering professional development and enhancing team effectiveness.
Demonstrated ability to work in a customer environment collaboratively through constraints to meet mission milestones.
Breadth of experience and/or expertise in Wide Area Networks, Zero Trust, Cyber Security Incident Handling and Countermeasures, NOC Operations, System Architecture, Cloud Architecture, Service Delivery, and 'as a Service' models.
Must have proven track record of critical thinking and developing creative problem and hard problem solutions with a focus on outcome-based delivery of meaningful innovations.
Experience with large programs and performing technology assessments and creating capability roadmaps.
Self-motivated and focused on delivering outcomes with the ability to work independently and in teams.
Preferred Qualifications
Experience in government, federal or regulated industry environments, with an understanding of specific compliance requirements (e.g., FISMA, FedRAMP, CMMC).
Familiarity with cloud security audits and assessments, specifically in cloud platforms like AWS, Azure, or Google Cloud, including evaluating controls and configurations.
Prior experience working is Security Operations Centers (SOCs) or with incident response teams, contributing to cybersecurity investigations and responses.
Experience with Network Operation Center, Defensive Cyber Operations, and Data Center operational processes.
Experience in presenting audit results to executive leadership, boards, or government stakeholders with the ability to effectively convey complex technical concepts in a clear and concise manner.
CISSP, CISM or equivalent industry recognized certification.
Original Posting Date:
2024-10-23
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $144,300.00 - $260,850.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.