The DoW Healthcare Management System Modernization (DHMSM) Program is looking for an experienced ISSO/ISSE to join our cyber team in support of the continued development, sustainment, and deployment of the Military Health System (MHS) GENESIS system. MHS GENESIS is deployed globally to over 3700 locations at 138 Medical Treatment Facilities (MTFs), serving 190K users, providing 1100+ clinical workflows delivering medical electronic health record (EHR) capabilities for nearly 10M beneficiaries.

WHAT YOU WILL BE DOING

The ISSO supports the Cybersecurity Leads with all Risk Management Framework (RMF) Authorization and Sustainment related functions to include Interim Authorization to Test (IATT), Authority to Operate (ATO), Annual Security Review (ASR), Risk Assessment (RA) and Continuous Monitoring (ConMon) activities for all assigned systems. Responsibilities include, but are not limited to, the following:

• Maintaining RMF Authorizations for all assigned ATOs including any required IATT, ATO, ASR, RA and ConMon related activities and assisting team members with unassigned ATOs as required.

• Primary cybersecurity review of system architecture and technical artifacts (to include PPSM, diagrams, STIGs, compliance evidence, and policy documentation)

• Developing, updating and working with Cybersecurity Leads and LPDH partners to ensure implementation of cybersecurity policies and procedures, and developing any other required cybersecurity related documentation.

• Ensuring assigned systems meet requirements to obtain required authorizations and approvals including IATT, ATO, and ASRs from the assigned Authorizing Official (AO)

• Understanding all DOW and DHA RMF policies, procedures, and guidance and keeping up with all changes.

• Ensuring eMASS record is maintained in accordance with DHMHSM and DHA requirements.

• Assisting with the development of templates and recommending other tools to support risk management and ATO activities, as needed.

• Working with CyberOps to ensure all assets are scanned properly and that any scan issues are resolved in a timely manner. Tracking all issues.

• Developing and Maintaining Plans of Action and Milestones (POA&Ms) and Risk Acceptances for all assigned ATOs and ensuring POA&Ms received from other teams meet all DHA requirements.

• Tracking vulnerability remediation statuses and POA&M closures on a weekly basis for metrics reporting.

• Periodically evaluating the effectiveness of all Assessment Procedures for RMF security controls to ensure operational security posture is maintained.

• Supporting cybersecurity compliance assessment efforts by providing systems engineering and documentation support.

• Ensuring all DoW and DHA cybersecurity-related documentation is current and accessible to properly authorized individuals.

• Assisting Cybersecurity Leads in ensuring the project meets identified milestones and requirements.

• Contributing to the development of cyber strategies and any associated documentation.

• Ensure all users have requisite security clearances and access authorization.

• Provide Subject Matter Expertise for customer inquiries.

FACTORS FOR SUCCESS

• BS degree and 8-12 years of prior relevant experience

• US Citizen with Active Secret Clearance or higher – required. Contract requirement.

• Minimum of 5 years’ hands-on experience on Defense Health Agency projects in a cybersecurity role.

• DoW 8570 Certification

• Proficiency in eMASS

• Prior experience with DoW Accreditation and tools such as eMASS, ACAS, CMRS and HBSS

• Knowledge of networks, cyber defense toolsets and processes. Strong understanding of related technologies and significant knowledge of networking technologies, operating systems, and security tools, tactics, techniques, and procedures.

• Attention to detail

• Excellent written and verbal communication skills and the ability to effectively interact and work with internal team members, vendors and clients.

• Experience with network and network security assessments and documenting the results using NIST SP 800-53A (Rev 5), completing security plans and recommending Security Controls for Federal Information Systems

• Strong ability to document recommendations to correct security weaknesses resulting from security assessments and tracking implementation of corrective actions

• Experience developing network and network security policies and system security documentation and procedures

• Experience with DoW Information Assurance Vulnerability Management (IAVM) Program

• Experience with Cloud

• Experience with Containers

• Scripting knowledge: PowerShell, Python, Shell Scripting

HOW YOU WILL STAND OUT FROM THE CROWD

• PMP Certification

• A high degree of proficiency in eMASS

• DHA A&A Experience

• Proficiency in ACAS/NESSUS, SCAP

• Experience with Cloud

• Experience with Containers

• Experience with the DoW Information Assurance Vulnerability Management (IAVM) Program

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.