Security Engineer – ABAC Security Platform Implementation Specialist

The Leidos Corporate Information Security Office is seeking an experienced and proactive Security Engineer to lead the implementation of an Attribute-Based Access Control (ABAC) security platform; this position will allow for 100% remote work with occasional travel.

POSITION SUMMARY:
This role will be instrumental in designing, deploying, and managing a robust ABAC framework that ensures access control decisions are made based on a wide range of attributes, including user, environment, and resource characteristics. The ideal candidate will work closely with various teams to ensure the successful adoption and operation of the platform.

PRIMARY RESPONSIBILITIES:
•Lead ABAC Implementation: Drive the architecture, design, and implementation of the ABAC platform, ensuring that it is scalable, efficient, and secure. Lead the rollout of ABAC policies and enforcement mechanisms across the organization.
•Implementation Targets:  Implement ABAC controls across Snowflake, and On-Prem Oracle/SQL based analytics platforms.
•Access Control Policy Design: Work with stakeholders to define, implement, and enforce access control policies based on attributes such as user role, department, time of access, and resource sensitivity.
•Collaboration with Cross-functional Teams: Partner with development, IT, and operations teams to integrate ABAC solutions seamlessly into existing systems, applications, and infrastructures.
•Risk Management and Mitigation: Evaluate the security risks related to access control, especially with respect to sensitive data, applications, and infrastructure. Ensure that the ABAC system meets security, privacy, and compliance requirements.
•System Integration: Ensure that ABAC is effectively integrated with other security solutions (e.g., IAM, SSO, SIEM) to provide a comprehensive, unified security posture.
•Automation & Monitoring: Develop automated processes for ABAC enforcement, monitoring, and auditing. Implement continuous monitoring to ensure compliance with access policies and flag any unauthorized access attempts.
•Incident Management & Troubleshooting: Investigate security incidents involving access control, perform root cause analysis, and implement corrective actions to prevent recurrence.
•Documentation & Reporting: Provide clear and detailed documentation regarding ABAC policies, system configurations, and best practices. Create regular reports on the effectiveness of the ABAC platform and policy compliance.
•Stay Up-to-Date with Trends: Stay informed on industry developments related to ABAC, identity management, and access control technologies. Suggest improvements and innovations to enhance platform capabilities.

CLEARANCE REQUIREMENT:
No initial clearance is required to start; however, you must be able to obtain and maintain a DoD Secret security clearance. (US Citizenship required). 

BASIC QUALIFICATIONS:
•Must have a Bachelor's degree and 8+ years of experience in security engineering or a related field, with a focus on access control mechanisms and security policy implementation;  additional years of experience may be substituted in lieu of a degree. 
•Demonstrated experience developing and deploying security solutions that meet customer requirements.
•Excellent written and verbal communication skills and the ability to partner and collaborate with both engineers and customers on architecture vision and security model.
•Represent Security Platform in the development and implementation of the overall enterprise architecture.

REQUIRED TECHNICAL SKILLS:
•In-depth knowledge of Attribute-Based Access Control (ABAC) principles, frameworks, and tools (Saas, Cloud, On-Prem).
•Familiarity with identity and access management (IAM) systems, SSO, and role-based access control
•Experience with cloud-based access control systems (e.g., Snowflake, AWS, Azure, Google Cloud) and securing cloud environments.
•Experience with security integration tools and platforms (e.g., IAM, SSO, PAM, Microsoft AD, Azure AD, and Okta).
•Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation of ABAC 

Security Knowledge:
•Familiarity with security frameworks and standards such as NIST, CIS, ISO 27001, and GDPR.
•Understanding of encryption, authentication, and authorization protocols, such as OAuth, OpenID Connect, SAML, and Kerberos.
•Certifications: Professional certifications such as CISSP, CISM, CISA, or Security+ are highly preferred.
•Analytical Skills: Strong problem-solving skills and ability to analyze complex access control issues and develop actionable solutions.
•Communication Skills: Excellent written and verbal communication skills to interact effectively with both technical and non-technical stakeholders.

PREFERRED QUALIFICATIONS:
•Experience implementing ABAC in large or complex environments (e.g., hybrid cloud).
•Familiarity with Zero Trust architectures and integration of ABAC in Zero Trust models.
•Experience with SIEM (Security Information and Event Management) tools for access auditing and monitoring.

Original Posting:

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.