IV&V Senior Analyst

Description

The mission of the DHS Chief Information Security Officer Directorate (DHS CISOD) is to support the Department’s implementation of all applicable regulatory requirements including the Federal Information Security Modernization Act of 2014 (FISMA), relevant Office of Management and Budget (OMB) Circulars, Executive Orders, Federal laws, directives, policies, and regulations. The DHS CISOD’s mission is to also provide the Department of Homeland Security (DHS) a secure and trusted computing environment. The DHS CISOD assists in ensuring Department compliance with information security requirements. Information security is an essential business function, critical to enabling DHS to conduct its operations and deliver service to the public.

Leidos is seeking an experienced IV&V Senior Analyst to support DHS CISOD in ensuring DHS-wide compliance with federal information security laws, regulations, mandates, and standards. The selected candidate will perform independent verification and validation activities over Component validation and remediation efforts, provide detailed analysis of security documentation and control implementations, and deliver actionable recommendations to support risk-informed decision making across the enterprise.

The IV&V Senior Analyst will serve as a subject matter expert in cybersecurity compliance and control validation, working closely with DHS Components and government stakeholders to assess remediation packages, evaluate security documentation, monitor corrective actions, and help ensure the quality, consistency, and timeliness of IV&V support provided to CISOD. This role requires strong familiarity with DHS cybersecurity processes, Risk Management Framework (RMF) requirements, and federal security guidance, as well as the ability to communicate technical findings clearly to both technical and non-technical audiences.

Primary Responsibilities:

• Perform IV&V testing and analysis over Component V&V packages for remediated IT security controls, including review of supporting evidence, validation of testing adequacy, and identification of gaps or inconsistencies.

• Review Component-submitted remediation and validation documentation to determine compliance with DHS and federal cybersecurity requirements and provide clear, risk-based feedback.

• Track submitted V&V packages through review and approval workflows, including coordination of CISOD and OCFO signatures and status updates for reporting purposes.

• Evaluate System Security Plans (SSPs), security authorization artifacts, and other system documentation to determine whether required controls have been properly implemented and documented across applicable system layers.

• Assist in performing Security Authorization Reviews for CFO-designated and ancillary systems, including analysis of control implementation statements, observations, and documentation sufficiency.

• Review Component IT commitment letters, provide comments, and monitor testing and passing status against stated commitments.

• Develop, maintain, and improve QA processes, checklists, traceability matrices, and standard guidance documents to enhance consistency and repeatability across IV&V activities.

• Provide measurable data, status updates, and reporting inputs that support monthly IT audit reporting and executive-level visibility into remediation and compliance trends.

• Coordinate with government and contractor stakeholders to resolve issues, clarify findings, and improve the quality of Component submissions.

• Contribute to process improvements, GRC updates, and standardization efforts related to assessments, authorizations, and remediation validation activities.

• May provide guidance and mentoring to junior staff and support internal quality reviews as needed.

Primary Qualifications:

• Must be able to obtain a DHS Security Clearance.

• Bachelor’s degree and 8+ years of experience in IV&V, cybersecurity compliance, RMF, security controls assessment, or a related information assurance/cybersecurity field; or Master’s degree and 6+ years of relevant experience.

• Experience supporting DHS or other Federal cybersecurity compliance and assessment activities.

• Strong knowledge of NIST RMF, FISMA, FedRAMP, FIPS, NIST guidance, and applicable OMB and DHS cybersecurity policies and procedures.

• Experience reviewing security authorization documentation, remediation packages, SSPs, and control validation evidence.

• Ability to analyze technical documentation, identify compliance gaps, and provide practical, risk-based recommendations.

• Experience developing reports, metrics, and written products for government stakeholders.

• Strong written and verbal communication skills and the ability to work effectively in a collaborative, fast-paced environment.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at LeidosCareersFraud@leidos.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.