As a Security Engineer, you will provide Cybersecurity Engineering assistance support to the Enterprise Information Technology Project Management Office (eIT PMO) for the Medical Research Information Technology System (MeRITS). In assuming this position, you will be a critical contributor to meeting NCI's mission: To deliver innovative, cost-effective solutions and services that enable our customers to rapidly adapt to dynamic environments. This position is located in Ft. Detrick, MD; relocation assistance, while not guaranteed, may be available.
- Continuously monitor and complete the necessary updates to the MeRITS Department of Defense (DoD) Risk Management Framework (RMF) packages
- Provide expertise and direction in the areas of Security Engineering and Cybersecurity requirements
- Plan, provide oversight of, and execute RMF processes in accordance with Department of Defense (DoD) and Army instructions and regulations
- Conduct Cybersecurity reviews of the MeRITS components in both an operational and test environment
- Assist in pre-assessment preparation during accreditation activities of the MeRITS
- Conducts and evaluates Security Technical Implementation Guide (STIG) compliance using ACAS/Nessus, SCAP Compliance Checker, and manual checklist reviews on a wide array of IT devices. This includes Windows, Virtual Machines, Red Hat Linux servers, databases, desktops, routers, switches, firewalls, IDS, etc.
- Assesses DoD Information Systems against the RMF security controls IAW DoDI 8500, DoDI 8510 and NIST SP 800-53
- Develops, and reviews for compliance, documentation and artifacts such as Configuration Management Plans, Network Infrastructure Plans, Business Continuity and Disaster Recovery Plans, Plan of Action and Milestones (POA&Ms), topology diagrams and all supporting policies in support of RMF A&A activities
- Identifies mitigating controls for identified risks and proposes additional mitigation strategies for identified vulnerabilities
- Applies STIGs to a variety of devices to ensure compliance
- Experience with eMASS and a strong understanding of the CNSS 1253 CCIs
- Authors government deliverables such as the SAR, RMF recommendation memorandum, etc.