The Cyber Security Engineer will provide support for the operational support, build-out, and day-to-day operational maintenance of enterprise infrastructure and related enterprise core services.
The candidate will be required to develop a variety of Security Authorization deliverables including: System Security Plans, Security Assessment Reports, Risk Assessment Reports, Privacy Impact Assessments, Annual Assessments, Contingency Plans, FIPS 199 Security Categorizations, etc. The engineer will be required to analyze processes and procedures to determine areas of possible improvement that will lead to gains in efficiency and security. Activities will include coordination of plans of actions and milestones (POA&Ms) so they are completed timely and submitted as required. The candidate will consult and advise on information security issues and participate in security incident response efforts as required. These activities will be conducted in the context of a fast paced and dynamic scientific computing operational unit that provides shared services broadly to various centers. The engineer will be required to work with key stakeholders to enable compliance as required while providing the flexibility required to enable a robust scientific computing environment.
- Support the analysis and review of information security programs and systems to ensure compliance to federal security policies
- Develop a variety of Security Authorization deliverables including: System Security Plans, Security Assessment Reports, Risk Assessment Reports, Privacy Impact Assessments, Annual Assessments, Contingency Plans, FIPS 199 Security Categorizations, Plan of Action and Milestones (POA&M), etc.
- Analyze and review processes and procedures to determine areas of possible improvement that will lead to gains in efficiency and security.
- Provide guidance on security threats, technology, standards, and practices.
- Develop, review and monitor compliance with organizational security policies.
- Monitor, track and report on the status of POA&M items.
- Proactively manage risks, and systematically resolve or escalate issues in a timely manner.
- 7+ years of work experience in IT in one or more areas of infrastructure, systems management, operations, or security
- 5+ years of technical cyber security experience
- 2+ years of experience consulting or operating IAM solutions for cloud service providers (Microsoft Azure or Google Cloud Platform) or equivalent Microsoft Azure/Google Cloud Platform certification(s)
- Working knowledge of system and network security engineering best practices, operating systems and application auditing.
- Thorough understanding of the NIST risk management framework and related industry best practices.
- Broad background in information assurance (IA) activities required to facilitate and coordinate IA activities for a project to obtain an Authorization to Operate (ATO)
- 3+ years experience with CDC Security processes and procedures
- Security Certifications: CISSP, GIAC, CISA, CISM
- US Citizenship w/ Public Trust eligibility