• Security Engineer

    Job ID 2019-4033
    Job Locations
    US-MD-Fort Detrick
    Category
    IT: Information Assurance / Quality / Cyber Security
    Type
    Regular Full-Time
  • Responsibilities

    As a Security Engineer, you will provide Cybersecurity Engineering assistance support to the Enterprise Information Technology Project Management Office (eIT PMO) for the Medical Research Information Technology System (MeRITS).  In assuming this position, you will be a critical contributor to meeting NCI's mission: To deliver innovative, cost-effective solutions and services that enable our customers to rapidly adapt to dynamic environments. This position is located in Ft. Detrick, MD; relocation assistance, while not guaranteed, may be available.

     

    Responsibilities:

    • Continuously monitor and complete the necessary updates to the MeRITS Department of Defense (DoD) Risk Management Framework (RMF) packages
    • Provide expertise and direction in the areas of Security Engineering and Cybersecurity requirements
    • Plan, provide oversight and executie RMF processes in accordance with Department of Defense (DoD) and Army instructions and regulations
    • Conduct Cybersecurity reviews of the MeRITS components in both an operational and test environment
    • Assist in pre-assessment preparation during accreditation activities of the MeRITS
    • Conducts and evaluates Security Technical Implementation Guide (STIG) compliance using ACAS/ Nessus, SCAP Compliance Checker, and manual checklist reviews on a wide array of IT devices for. This includes Windows, Virtual Machines, Red Hat Linux servers, databases desktops, routers, switches, firewalls, IDS, etc.
    • Assesses DoD Information Systems against the RMF security controls IAW DoDI 8500, DoDI 8510 and NIST SP 800-53
    • Develops and reviews for compliance documentation and artifacts such as Configuration Management Plans, Network Infrastructure Plans, Business Continuity and Disaster Recovery Plans, Plan of Action and Milestones (POA&Ms), topology diagrams and all supporting policies in support of RMF A&A activities
    • Identifies mitigating controls for identified risks and proposes additional mitigation strategies for identified vulnerabilities
    • Applies STIGs to a variety of devices to ensure compliance
    • Experience with eMASS and a strong understanding of the CNSS 1253 CCIs
    • Authors government deliverables such as the SAR, RMF recommendation memorandum, etc.

     

    Qualifications

    Requirements:

    • Current/active Security Clearance
    • Bachelor's degree from an accredited university in Computer Science, Information Technology, or related field
    • DoD 8570.01-M IAT III or IASAE II (CISSP/CASP)
    • 8 - 10 Years of Cybersecurity Expertise

    Preferred Education and Experience:

    • 10+ years of related experience in the field of Security Engineering, Cybersecurity, or Information Assurance
    • ACAS, DISA Host Based Security System (HBSS), and  HIPAA certified

     

    Physical Requirements:

     

    This position requires the ability to perform the below essential functions:

    • Sitting for long periods
    • Standing for long periods
    • It is the policy of NCI to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations. In addition, we affirm that all compensation, benefits, company-sponsored training, educational assistance, social, and recreational programs are administered without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, or gender identity. It is our firm intent to support equal employment opportunity and affirmative action in keeping with applicable federal, state, and local laws and regulationsNCI is a VEVRAA Federal Contractor.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.