Sr IT Security Engineer

23 May 2024

Vacancy expired!

We are seeking a Senior Information Technology Security Compliance Engineer to join our team in support of a client located in Bethesda, MD. The successful candidate will assist the client's Information Systems Security Officer (ISSO).

Responsibilities include:
  • Understanding security engineering and architectures of information systems, the application of knowledge to the network environment, and Continuous Monitoring requirements.
  • Understanding software, hardware, and public-facing requirements of the client's information systems on premises and in the cloud.
  • Analyzing security systems and continuously seeking improvements.
  • Developing best practices and security standards for the network environment.
  • Assisting in tracking and remediation activities for system, network, application, and source code vulnerabilities by reviewing scan reports and working with the relevant parties to remediate the vulnerabilities.
  • Assisting in the development of non-compliance waivers regarding business justifications, compensating controls, and residual risks.
  • Driving the implementation of security projects that require compliance with relevant government policies or standards.
  • Responding to data calls from NIH, HHS, or OMB related to IT security.
  • Supporting security engineering regulatory compliance efforts for IT programs.
  • Assisting the client in the coordination, implementation, communication, and enforcement of the NIH IT security policies.
  • Advising on the development and design of methodologies to conduct business case analyses of the information security infrastructure.
  • Providing guidance, assistance, and coordination to systems developers, systems administrators, and other specialists to ensure the proper and timely implementation of information systems security standards and vulnerability remediation for both systems under development and systems deployed in production.
  • Understanding and participating in the incident response on-call rotation, as well as communicating with the Incident Response Team via meetings, emails, and conferences to promptly validate and address compliance findings.
  • Responding to systems and network security incidents, e.g., system compromise, loss of confidentiality, authentication problems, etc.
  • Implementing new processes to optimize security systems to support the client organization.

Required qualifications:
  • Bachelor's degree in a related technical field and 10+ years of related experience is required. Related experience includes 5 years of Unix/Windows system administration and 5 years of IT security experience. Additional experience can be substituted for a degree.
  • Strong understanding of Windows, Linux, and Active Directory.
  • Expert knowledge of IT security vulnerabilities and risk assessments with the ability to explain the risks associated with them to executives, program staff, and technology staff.
  • Ability to run scans (Nessus) and validate remediation.
  • Experience with major components and architecture of Tenable such as SecurityCenter, Nessus Manager, scanners, agents, and Tenable.io.
  • Experience with Secure Information Systems processes in the cloud, such as AWS.
  • Working experience in applying FISMA and FedRAMP processes and policies to information systems.
  • Ability to work with program staff, executives, and technology staff to achieve IT security goals and objectives.
  • Understanding of the Secure Software Development Life Cycle and Splunk.
  • Excellent oral communication, writing, problem-solving skills, and attention to detail.
  • CISSP certification is required (or must obtain within 6 months of start).

  • ID: #41452176
  • State: Maryland Bethesda 20810 Bethesda USA
  • City: Bethesda
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2022-05-23
  • Deadline: 2022-07-21
  • Category: Security