cFocus Software seeks a Cyber Security Engineer III to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:-
Public Trust Clearance
-
B.S. Computer Science, Information Technology, or a related field
-
6+ years of experience implementing enterprise cybersecurity technologies.
-
Experience supporting Federal cybersecurity programs.
-
Experience engineering enterprise security solutions across Windows, Linux, cloud, and hybrid environments.
-
Experience implementing NIST cybersecurity controls and Federal security requirements.
-
Active CISSP, CCSP, Security+, CEH, GSEC, GCIH, or AWS Certified Security - Speciality
Duties:-
Engineer, deploy, configure, and maintain enterprise cybersecurity technologies supporting NIH information systems.
-
Support security monitoring and operational cyber defense activities across on-premises, hybrid, and cloud environments.
-
Administer endpoint security, endpoint detection and response (EDR), anti-malware, and host-based security solutions.
-
Implement secure configurations and system hardening in accordance with NIST, HHS, and NIH security standards.
-
Configure and maintain enterprise identity and access management (IAM) security technologies.
-
Support implementation and enforcement of Zero Trust Architecture (ZTA) principles.
-
Assist with enterprise log management, security monitoring, and event correlation capabilities.
-
Perform technical security assessments of servers, workstations, cloud resources, databases, and applications.
-
Coordinate with system administrators and application owners to implement security controls and corrective actions.
-
Support enterprise cybersecurity modernization initiatives.
-
Perform enterprise vulnerability assessments using approved vulnerability scanning platforms.
-
Analyze vulnerability scan results and prioritize remediation activities based on risk.
-
Coordinate vulnerability remediation with system administrators, application teams, and infrastructure personnel.
-
Verify remediation activities through follow-up validation testing.
-
Perform security configuration reviews against DISA STIGs, CIS Benchmarks, and NIH security baselines.
-
Monitor compliance with organizational vulnerability remediation timelines.
-
Develop remediation recommendations for operating systems, applications, databases, network devices, and cloud services.
-
Support development of Plans of Action & Milestones (POA&Ms) related to identified vulnerabilities.
-
Conduct risk analysis associated with newly discovered vulnerabilities and emerging threats.
-
Develop vulnerability metrics and executive reporting supporting enterprise cybersecurity risk management.
-
Design, engineer, implement, and maintain enterprise security architectures supporting NIH mission systems.
-
Engineer secure cloud environments within Microsoft Azure, Microsoft 365, AWS, and hybrid infrastructures.
-
Support implementation of network security technologies including firewalls, IDS/IPS, web application firewalls, secure gateways, and network segmentation.
-
Implement secure authentication, encryption, privileged access management, and certificate management solutions.
-
Engineer secure infrastructure supporting NIST Risk Management Framework (RMF) security controls.
-
Evaluate emerging cybersecurity technologies and recommend improvements to enterprise security architecture.
-
Support secure system lifecycle engineering activities throughout system development and modernization efforts.
-
Participate in technical architecture reviews and security design assessments.
-
Develop engineering documentation, implementation guides, standard operating procedures, and technical diagrams.
-
Support implementation of Cybersecurity Supply Chain Risk Management (C-SCRM) controls where applicable.
EyGPSbm5sd