Information Security Compliance Engineer
1 week ago
(ID: 2024-6871)
Zero Trust is seeking a Information Security Compliance Engineer to join our vibrant team at the National Institutes of Health (NIH) supporting the National Center for Advancing Translational Sciences (NCATS) located in Rockville, MD.
Benefits We Offer:
- 100% Medical, Dental & Vision Coverage for Employees
- Paid Time Off and Paid Holidays
- 401K match up to 5%
- Educational Benefits for Career Growth
- Employee Referral Bonus
- Flexible Spending Accounts:
- Healthcare (FSA)
- Parking Reimbursement Account (PRK)
- Dependent Care Assistant Program (DCAP)
- Transportation Reimbursement Account (TRN)
The Information Security Compliance Engineer will support the NCATS Cybersecurity Services (CSS) team in implementing the NIST 800-53 security controls and assist the infrastructure, platform and application teams with technical security support. Oversee the security posture of NCATS systems, inventory, and applications. Provide Risk Management Framework (RMF) support. Assist in the remediation of Plan of action and miles stones (POA&M) by. Provide analysis of day-to-day security activities, identify, and manage cyber risks, prepare remediation plans, be able to effectively draft compliance documentation. The Infosec Compliance Engineer will also use the expertise to manage security incident workflows and waivers. Provide strategic design guidance to all the stakeholders to translate security and business requirements into technical designs; configure and validate secure complex systems; and help test security products and systems to detect security weakness.
PRIMARY RESPONSIBILITIES:
- Manage daily Cybersecurity Operational activities.
- Proactively Manage Cybersecurity Operations projects and tasks and ensure on time delivery.
- Take initiatives to identify, analyze and remediate weaknesses and present reports to the management.
- Lead and mentor the NCATS CSS Cybersecurity Operations team.
- Must be able to represent NCATS CSS team and provide technical security guidance in troubleshooting calls.
- Must have hands on experience with firewalls, load balancers switches, routers, Windows and Linux/Unix servers.
- Must have expert understanding of TCP/IP and networking principles.
- Take the lead on securing NCATS system and applications through system hardening.
- Must be able to secure DevOps pipelines by providing technical security guidance and support to the application and infrastructure teams.
- Lead the security operations in proactively managing threats, vulnerabilities and remediation efforts.
- Must be familiar with Risk Management Framework (RMF), NIST 800-53 and other Government mandates.
- Lead NCATS Cybersecurity ATO preparations efforts to follow the Risk Management Framework (RMF).
- Have a solid understanding of the ATO preparation and security controls implementation process.
- Lead ATO technical guidance efforts and help write documents such as System Security Plans (SSPs).
- Schedule and coordinate operational activities, sessions, and meetings with the stakeholders.
- Provide security controls implementation guidance.
- Provide effective guidance to the stakeholders on secure baseline configurations.
- Manage work through tools such as NIH incident response (IRT) portal, Splunk, ServiceNow, Jira, Confluence etc.
- Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client's information systems.
- Develop daily, weekly, and annual NCATS security landscape metrics.
- Help the Vulnerability Management team to Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities.
- Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.
REQUIRED QUALIFICATIONS:
- Must Have hands on Linux/Unix experience and know how secure the systems.
- Understand how to implement security controls based on NIST 800-53.
- Must be able to conduct and lead technical reviews and analysis with infrastructure and application teams.
- Must be able to troubleshoot security incidents and lead the other technical teams to resolve incidents as well as remediate the threats and concerns.
- Must be able to provide guidance on security control implementation and perform technical tasks when needed for Windows, Linux/Unix environments.
- Must be familiar with networking and other infrastructure components such as traffic flow, access management and Active Directory etc.
- Be able to manage cyber risks by providing guidance to secure system designs, baseline configuration assistance and administer ATO preparation activities.
- Be able to manage and administer the security tools and have hands on working experience with Tenable Nessus, Netsparker, Trellix suite, Palo Alto, BigFix, Splunk, etc. and cloud-based equivalents.
- Must have experience with DevOps security controls implementation.
- Must be familiar with GitHub, Docker and in general with the CI/CD pipeline security.
- Assist in security incident response efforts.
- Work with other teams to integrate the NCATS Threat and Vulnerability Management processes with the patching cycles, baseline configurations and CIS benchmarks.
- Must be familiar with database server architecture and be able to provide security support to the database team.
- Must be familiar with Cloud environments and tools.
- Must be familiar with Risk Management Framework (RMF) and Government mandates such as continuous diagnostic mitigation (CDM) and Binding operations directives (BODs)
- Identify, analyze, and develop mitigation or remediation actions for POA&Ms
- Assist with a reliable patch and compliance management mechanism for all on-premises and cloud systems.
- Recommend, configure, and install advanced firewalls and centrally manage other security tools in multiple cloud environments.
PREFERRED QUALIFICATIONS:
- BS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.
- Bachelor's degree in a relevant technical discipline and 4+ years of overall related IT security compliance experience. 5+ years of additional related years of experience is accepted in lieu of a degree.
- Experience working with NIST 800-53 series guidance.
- Familiarity with Windows/Unix/Linux platforms.
- Familiarity with DevOps pipelines, code scanning, penetration testing etc.
- Experience in security compliance documentations such as SARS[MB1] [IJ2] , Waivers, Contingency and Incident Response plans, etc.
Disclaimer:The above description is meant to illustrate the general nature of work and level of effort being performed by individuals assigned to this position or job description. This is not restricted as a complete list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description or responsibilities as needed.
The diversity of Zero Trust's employees is a tremendous asset. We are firmly committed to providing equal opportunity in all aspects of employment and will not tolerate any illegal discrimination or harassment based on age, race, gender, religion, national origin, disability, marital status, covered veteran status, sexual orientation, status with respect to public assistance, and other characteristics protected under state, federal, or local law and to deter those who aid, abet, or induce discrimination or coerce others to discriminate.
Accessibility: If you need an accommodation as part of the employment process please contact: careers@axleinfo.com
-
Senior Cloud Security Engineer
5 days ago
Rockville, Maryland, United States General Dynamics Information Technology Full timeJob Summary:We are seeking a highly skilled Senior Cloud Security Engineer to join our team at General Dynamics Information Technology. As a Senior Cloud Security Engineer, you will be responsible for designing, deploying, operating, and maintaining secure Cloud products and services within a Cloud-based environment.Key Responsibilities:Collaborate with...
-
Cloud Security Architect
5 days ago
Rockville, Maryland, United States General Dynamics Information Technology Full timeJob Summary:We are seeking a highly skilled Senior Cloud Security Engineer to join our team at General Dynamics Information Technology. As a Senior Cloud Security Engineer, you will be responsible for designing, deploying, operating, and maintaining secure Cloud products and services within a Cloud-based environment.Key Responsibilities:Collaborate with...
-
Software Engineering Lead
1 week ago
Rockville, Maryland, United States General Dynamics Information Technology Full timeJob Title: Senior Software Engineer at General Dynamics Information TechnologySummary:As a key member of our engineering team, you will be responsible for optimizing software development processes to ensure the security and reliability of our products. You will design, deploy, and maintain secure cloud-based systems and services to support the development of...
-
Sr Software Engineer
3 months ago
Rockville, United States General Dynamics Information Technology Full timeSummary: Responsible for engineering teams’ processes to ensure our products are free from security vulnerabilities. Design, deploy, operate, and maintain secure Cloud products and services within a Cloud-based environment to enable development teams to deliver features in the most efficient way possible. Develop information systems by studying...
-
Information Security Officer
2 weeks ago
Rockville, Maryland, United States Hendall Inc Full timeJob OverviewPOSITION SUMMARYHendall Inc. is looking for a dedicated full-time Information Security Officer to enhance our robust security framework.This role will provide critical support to the Health & Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), which are committed to promoting health equity, increasing coverage, and...
-
Information Security Officer
1 week ago
Rockville, Maryland, United States Hendall Inc Full timeJob OverviewPOSITION SUMMARYHendall Inc. is in search of a dedicated Systems Security Officer to enhance our security framework.This role is crucial in supporting the Health & Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), which are committed to promoting health equity, increasing coverage, and enhancing health outcomes for the...
-
Information Security Software Engineer
2 weeks ago
Rockville, Maryland, United States ALTA IT Services Full timePosition: Cybersecurity Developer/AnalystLocation: Rockville, MD – Hybrid Work Schedule (3 days/week ONSITE)Citizenship: US citizenship required per government contractClearance: Must be able to obtain Public Trust clearanceCompany Overview:ALTA IT Services is committed to delivering innovative technologies and exceptional expertise to meet our clients'...
-
Security Engineer
2 months ago
Rockville, United States iCallidus Full timeJob DescriptionJob Description*This position is contingent upon award.*At iCallidus, we are innovators harnessing the power of creative thinkers to develop, execute, and manage groundbreaking IT solutions. Our multidisciplinary team excels in cybersecurity, digital modernization, transformation, and strategic management, ensuring our clients stay ahead in a...
-
Senior Security Engineer
2 months ago
Rockville, United States iCallidus Full timeJob DescriptionJob Description*This position is contingent upon award.*At iCallidus, we are innovators harnessing the power of creative thinkers to develop, execute, and manage groundbreaking IT solutions. Our multidisciplinary team excels in cybersecurity, digital modernization, transformation, and strategic management, ensuring our clients stay ahead in a...
-
Cybersecurity Compliance Lead
3 months ago
Rockville, United States Axle Full timeJob DescriptionJob DescriptionAxle is a bioscience and information technology company that offers advancements in translational research, biomedical informatics, and data science applications to research centers and healthcare organizations nationally and abroad. With experts in biomedical science, software engineering, and program management, we focus on...
-
Senior Cybersecurity Compliance Analyst
2 weeks ago
Rockville, United States Axle Full timeJob DescriptionJob DescriptionAxle is a bioscience and information technology company that offers advancements in translational research, biomedical informatics, and data science applications to research centers and healthcare organizations nationally and abroad. With experts in biomedical science, software engineering, and program management, we focus on...
-
IT Security and Cloud Infrastructure Engineer
3 months ago
Rockville, United States Visionary Technology Consultants Full timeJob DescriptionJob Description Job Description:We are seeking a highly skilled and motivated IT Security and Cloud Infrastructure Engineer to join our dynamic team. The ideal candidate will play a key role in supporting our Nessus vulnerability scanning and configuration compliance scanning processes, contribute to the development of secure AWS instances,...
-
Senior Cybersecurity Compliance Analyst
1 week ago
Rockville, United States Axle Full timeJob DescriptionJob Description(ID: 2024-6873)Zero Trust is seeking a Senior Cybersecurity Compliance Analyst to join our vibrant team at the National Institutes of Health (NIH) supporting the National Center for Advancing Translational Sciences (NCATS) located in Rockville, MD.Benefits We Offer:100% Medical, Dental & Vision Coverage for EmployeesPaid Time...
-
Cloud Security Engineer
4 weeks ago
Rockville, United States Gunnison Consulting Group Inc Full timeJob DescriptionJob DescriptionWe are seeking a motivated and customer-oriented professional to support our SAMHSA client.Duties and responsibilities include:The Cloud Security Engineer will be responsible for designing, implementing, and managing AWS-based solutions networking and security solutions:A qualified candidate must have hands on implementation and...
-
Cloud Security Engineer
2 weeks ago
Rockville, United States Gunnison Consulting Group Inc Full timeJob DescriptionJob DescriptionWe are seeking a motivated and customer-oriented professional to support our SAMHSA client.Duties and responsibilities include:The Cloud Security Engineer will be responsible for designing, implementing, and managing AWS-based solutions networking and security solutions:A qualified candidate must have hands on implementation and...
-
Information Technology Specialist
2 months ago
Rockville, Maryland, United States Agency For Healthcare Research And Quality Full timeWHAT YOU'LL BE DOING DAY TO DAYAs an Information Technology Specialist (INFOSEC), you will use your knowledge of and experience to optimize business results and customer experience by:Ensuring compliance and consistency of critical mission systems with the IT Security Program, enhancing interoperability and integration for business applications and IT...
-
Cybersecurity Compliance Manager
2 weeks ago
Rockville, Maryland, United States Hendall Inc. Full timeOVERVIEW Hendall Inc. is on the lookout for a dedicated Cybersecurity Compliance Manager to enhance our innovative team. RESPONSIBILITIES Supervise and validate the security framework and protocols for diverse initiatives, collaborating closely with Administrators and DevOps teams to ensure secure environments.Create information security documentation for...
-
Security Validation Engineer
2 weeks ago
Rockville, United States August Schell Full timeJob DescriptionJob DescriptionSecurity Validation Engineer – Rockville, MDNOTE: A TS/SCI IS REQUIRED FOR THIS ROLEWho we are...August Schell offers 30 years of experience in providing our customers with innovative solutions and engineering services to meet their most challenging needs. We thrive on navigating complex IT difficulties and are driven to find...
-
Security Validation Engineer
1 month ago
Rockville, United States August Schell Full timeJob DescriptionJob DescriptionSecurity Validation Engineer – Rockville, MDNOTE: A TS/SCI IS REQUIRED FOR THIS ROLEWho we are...August Schell offers 30 years of experience in providing our customers with innovative solutions and engineering services to meet their most challenging needs. We thrive on navigating complex IT difficulties and are driven to find...
-
Cybersecurity Compliance Officer
2 weeks ago
Rockville, Maryland, United States Hendall Inc Full timeJob OverviewPOSITION SUMMARYHendall Inc. is in search of a dedicated full-time Cybersecurity Compliance Officer to enhance our innovative workforce.This role will be pivotal in supporting the Health & Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), committed to serving the community as a reliable partner and steward, focused on...