Leidos' Corporate Information Security Office, reporting through the Digital Sector, is seeking an
Alternate Information Systems Security Manager (Alt. ISSM) in our San Diego, CA Campus Point office.
In this role, you will oversee several
DCSA-approved Collateral Information Systems and maintain accreditation throughout the system lifecycle. You will serve as the Information Assurance (IA) Subject Matter Expert (SME), providing technical leadership and security oversight for collateral enclaves across the enterprise, with demonstrated expertise in SIPRNet environments and requirements. To be successful in this role, you will have a proven track record supporting and leading successful
CORA / CCRI inspections, ensuring compliance with DoD, DCSA, and applicable cybersecurity policies and directives. Additionally, you will oversee day-to-day information system security operations; manage collateral IA and IT personnel; resolve complex cybersecurity challenges; and develop innovative solutions to meet evolving security requirements. Ideally, you will demonstrate the ability to successfully work independently and collaboratively with analysts, information technology management and staff, site leadership, and external stakeholders to ensure mission success and regulatory compliance.
Primary ResponsibilitiesThis role may include a combination of duties to protect information and maintain security controls for an entire system, site, or program to reduce risk.
- Develop and lead Information Security projects from concept through deployment, implementation, and user acceptance.
- Support and maintain SIPRNet environments, ensuring compliance with DoD, NISPOM, DAAG, and organizational cybersecurity requirements through continuous monitoring, risk management, and security operations.
- Conduct vulnerability assessments and remediation activities, including STIG implementation, vulnerability analysis, POA&M management, and timely correction of security findings to maintain system accreditation and compliance.
- Conduct vulnerability assessments and remediation efforts, including STIG implementation, vulnerability analysis, POA&M tracking, and timely correction of security findings to maintain system accreditation and compliance.
- Develop and deliver cybersecurity, information assurance, and incident response training programs; create training materials, procedures, and technical instruction to promote security awareness and workforce readiness.
- Implement and manage RMF Continuous Monitoring activities, utilizing automated tools and ticketing systems to track security controls, vulnerabilities, corrective actions, and compliance status.
- Maintain and update system authorization packages and supporting documentation, including SSPs, CONOPS, POA&Ms, security control evidence, continuous monitoring artifacts, and other Assessment and Authorization (A&A) documentation.
- Develop and maintain Configuration Management procedures for security-relevant hardware, software, and firmware; facilitate CCB meetings, assess security impacts of proposed changes, and document approvals and implementation evidence.
- Ensure information systems are operated, maintained, and disposed of in accordance with approved authorization packages, customer requirements, and applicable security policies.
- Evaluate proposed system changes and advise program and site leadership on security implications, risks, and required mitigations.
- Participate in risk management activities, security assessments, audits, and inspections; conduct risk assessments and coordinate corrective actions to address identified findings.
- Lead investigations of cybersecurity incidents and security violations, coordinate reporting requirements, and ensure appropriate containment, remediation, recovery, and corrective actions are implemented.
- Partner with the Facility Security Officer (FSO) and program leadership to develop, implement, and manage the Information Systems Security Program.
- Develop, implement, enforce, and continuously improve information security policies, procedures, and operational practices.
Basic Qualifications- An active DoD Secret clearance is required for consideration; you must also be eligible to obtain Top Secret clearance following hire.
- Bachelor's degree in an IT-related subject matter area from an accredited college or university and 8+ years of experience in being in an operational cyber security-specific role (e.g., information system security manager, information system security officer, cyber security specialist) or have 12+ years of experience in an IT related position with at least 10 of those years in an operational cyber security specific role.
- At least 10 years of IA Cyber management experience.
- DoD 8570 IAM Level III certified (CISSP or equivalent)
- Experience serving as a SIPRNet SME and supporting successful CORA and/or CCRI inspections in a lead or key contributor role.
- Detailed understanding of the Risk Management Framework (RMF), National Institute of Standards and Technology (NIST), and Committee on National Security Systems (CNSS) cyber security requirements and guidance, cybersecurity-related risk management techniques.
- Working knowledge in maintaining compliance with National Industrial Security Program Operating Manual (NISPOM) and DCSA Assessment and Authorization Process Manual (DAAPM) / DCSA Assessment and Authorization Guide (DAAG) security requirements for classified information systems.
- Familiarity with network technologies (LAN & WAN) and best practices within a classified environment, including crypto and key management.
- Working knowledge of Microsoft Windows (workstation & server) and Linux operating systems in a secure network environment.
- Experience with compliance and vulnerability scanning tools (e.g., Tenable, Splunk, ACAS, STIG Viewer).
- Experience with workflow, documentation, and configuration/change management tools (e.g., JIRA, Confluence, eMASS).
- Must be able to work in a constantly changing regulatory environment with short-, mid-and long-term timelines for remediating any non-compliance.
- Must work well within a team environment and adapt quickly to change.
- Excellent verbal and written communication skills.
Preferred Qualifications- Proficient in using Microsoft Windows and Linux operating systems and cloud computing.
- Experience with developing policies, procedures, and guidance, including providing artifacts for the RMF process.
- Experience using JIRA ticking and confluence.
Original Posting:June 25, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:Pay Range $107,900.00 - $195,050.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
