NIH - Cyber Security Engineer III
Remote
Full Time
NIH - ISPSS
Experienced
cFocus Software seeks a Cyber Security Engineer III to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
Duties:
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 6+ years of experience implementing enterprise cybersecurity technologies.
- Experience supporting Federal cybersecurity programs.
- Experience engineering enterprise security solutions across Windows, Linux, cloud, and hybrid environments.
- Experience implementing NIST cybersecurity controls and Federal security requirements.
- Active CISSP, CCSP, Security+, CEH, GSEC, GCIH, or AWS Certified Security - Speciality
Duties:
- Engineer, deploy, configure, and maintain enterprise cybersecurity technologies supporting NIH information systems.
- Support security monitoring and operational cyber defense activities across on-premises, hybrid, and cloud environments.
- Administer endpoint security, endpoint detection and response (EDR), anti-malware, and host-based security solutions.
- Implement secure configurations and system hardening in accordance with NIST, HHS, and NIH security standards.
- Configure and maintain enterprise identity and access management (IAM) security technologies.
- Support implementation and enforcement of Zero Trust Architecture (ZTA) principles.
- Assist with enterprise log management, security monitoring, and event correlation capabilities.
- Perform technical security assessments of servers, workstations, cloud resources, databases, and applications.
- Coordinate with system administrators and application owners to implement security controls and corrective actions.
- Support enterprise cybersecurity modernization initiatives.
- Perform enterprise vulnerability assessments using approved vulnerability scanning platforms.
- Analyze vulnerability scan results and prioritize remediation activities based on risk.
- Coordinate vulnerability remediation with system administrators, application teams, and infrastructure personnel.
- Verify remediation activities through follow-up validation testing.
- Perform security configuration reviews against DISA STIGs, CIS Benchmarks, and NIH security baselines.
- Monitor compliance with organizational vulnerability remediation timelines.
- Develop remediation recommendations for operating systems, applications, databases, network devices, and cloud services.
- Support development of Plans of Action & Milestones (POA&Ms) related to identified vulnerabilities.
- Conduct risk analysis associated with newly discovered vulnerabilities and emerging threats.
- Develop vulnerability metrics and executive reporting supporting enterprise cybersecurity risk management.
- Design, engineer, implement, and maintain enterprise security architectures supporting NIH mission systems.
- Engineer secure cloud environments within Microsoft Azure, Microsoft 365, AWS, and hybrid infrastructures.
- Support implementation of network security technologies including firewalls, IDS/IPS, web application firewalls, secure gateways, and network segmentation.
- Implement secure authentication, encryption, privileged access management, and certificate management solutions.
- Engineer secure infrastructure supporting NIST Risk Management Framework (RMF) security controls.
- Evaluate emerging cybersecurity technologies and recommend improvements to enterprise security architecture.
- Support secure system lifecycle engineering activities throughout system development and modernization efforts.
- Participate in technical architecture reviews and security design assessments.
- Develop engineering documentation, implementation guides, standard operating procedures, and technical diagrams.
- Support implementation of Cybersecurity Supply Chain Risk Management (C-SCRM) controls where applicable.
Apply for this position
Required*