
Leidos Biomedical Research - Cloud Security Pen Tester

Date Posted: 1/31/2018


The responsibilities of this position may include, but are not limited to, consulting, auditing, operations, documentation, monitoring, and engineering for information systems security.


Essential duties involve close coordination with all information system owners, and include:

  • Obtaining security authorizations for systems under the authority of NCI-Frederick/FNLCR by conducting IT security audits of the network and devices for Federal Information Security Management (FISMA) compliance
  • Performing penetration tests on cloud-based applications
  • Ensuring NCI-Frederick/FNLCR information systems maintain appropriate operational security posture consistent with the FISMA, working in close collaboration with information system owners
  • Serving as an advisor on matters involving the security of NCI-Frederick/FNLCR information systems, and providing security awareness and training to NCI-Frederick personnel, customers, and users
  • Developing and assessing information security requirements for NCI-Frederick/FNLCR, and ensuring information system owners integrate and implement security requirements into the design, development, and configuration of information systems
  • Coordinating security-related activities with the Information System Security Officers (ISSO), Information System Owners, and common control providers
  • Location will be mainly Frederick, MD but will also work 2 days a week in Rockville, MD


To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

  • Possession of a Bachelor’s degree in job related field from an accredited college or university according to the Council for Higher Education Accreditation (CHEA) or four (4) years related experience in lieu of degree
  • Foreign degrees must be evaluated for U.S. equivalency
  • A minimum of six (6) years progressively responsible job related experience.  Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or related. Must also have web application/service penetration test experience.
  • Practical understanding and application of the NIST Risk Management Framework and FedRAMP requirements
  • Work independently and make decisions regarding complex issues with appropriate consultation of peers, cross-functional teams, and supervisors 
  • Must be analytical and able to analyze complex information, synthesize disparate data sources, and communicate effectively 
  • Must be able to develop technical documentation and non-technical presentations; and, express information in a clear, concise, and organized manner, both verbally and in writing 
  • Must be detail-oriented with the ability to prioritize multiple tasks/projects 
  • Demonstrate working knowledge of standards and guidelines for Information Security published by the National Institute of Standards and Technology (NIST) 
  • Working knowledge and expertise required for administering the information security aspects of information systems in compliance with regulations and directives of FISMA, and the Office of Management and Budget (OMB)
  • Proficient with penetration testing tools and cloud infrastructure and software as a service, including Amazon AWS
  • Location is in Frederick, but must be willing to travel to Rockville office two (2) days a week
  • Must be able to obtain and maintain a Security Clearance


Candidates with these desired skills will be given preferential consideration:

  • Experience with regulatory compliance related to cloud security
  • Experience with scripting (Python, Bash and PowerShell)
  • Certifications such as OSCP, GWAPT, GPEN

If you are interested in this position, please use the following link to apply:

