Back to jobs

Information Security Compliance Engineer

(ID: 2024-6871)


Zero Trust is seeking a Information Security Compliance Engineer to join our vibrant team at the National Institutes of Health (NIH) supporting the National Center for Advancing Translational Sciences (NCATS) located in Rockville, MD.

Benefits We Offer:

  • 100% Medical, Dental & Vision Coverage for Employees
  • Paid Time Off and Paid Holidays
  • 401K match up to 5%
  • Educational Benefits for Career Growth
  • Employee Referral Bonus
  • Flexible Spending Accounts:
    • Healthcare (FSA)
    • Parking Reimbursement Account (PRK)
    • Dependent Care Assistant Program (DCAP)
    • Transportation Reimbursement Account (TRN)

The Information Security Compliance Engineer will support the NCATS Cybersecurity Services (CSS) team in implementing the NIST 800-53 security controls and assist the infrastructure, platform and application teams with technical security support. Oversee the security posture of NCATS systems, inventory, and applications. Provide Risk Management Framework (RMF) support. Assist in the remediation of Plan of action and miles stones (POA&M) by. Provide analysis of day-to-day security activities, identify, and manage cyber risks, prepare remediation plans, be able to effectively draft compliance documentation. The Infosec Compliance Engineer will also use the expertise to manage security incident workflows and waivers. Provide strategic design guidance to all the stakeholders to translate security and business requirements into technical designs; configure and validate secure complex systems; and help test security products and systems to detect security weakness. 

 

PRIMARY RESPONSIBILITIES: 

  • Manage daily Cybersecurity Operational activities.
  • Proactively Manage Cybersecurity Operations projects and tasks and ensure on time delivery.
  • Take initiatives to identify, analyze and remediate weaknesses and present reports to the management.
  • Lead and mentor the NCATS CSS Cybersecurity Operations team.
  • Must be able to represent NCATS CSS team and provide technical security guidance in troubleshooting calls.
  • Must have hands on experience with firewalls, load balancers switches, routers, Windows and Linux/Unix servers.
  • Must have expert understanding of TCP/IP and networking principles.
  • Take the lead on securing NCATS system and applications through system hardening.
  • Must be able to secure DevOps pipelines by providing technical security guidance and support to the application and infrastructure teams. 
  • Lead the security operations in proactively managing threats, vulnerabilities and remediation efforts.
  • Must be familiar with Risk Management Framework (RMF), NIST 800-53 and other Government mandates.
  • Lead NCATS Cybersecurity ATO preparations efforts to follow the Risk Management Framework (RMF).
  • Have a solid understanding of the ATO preparation and security controls implementation process.
  • Lead ATO technical guidance efforts and help write documents such as System Security Plans (SSPs).
  • Schedule and coordinate operational activities, sessions, and meetings with the stakeholders.
  • Provide security controls implementation guidance. 
  • Provide effective guidance to the stakeholders on secure baseline configurations.
  • Manage work through tools such as NIH incident response (IRT) portal, Splunk, ServiceNow, Jira, Confluence etc.
  • Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.
  • Develop daily, weekly, and annual NCATS security landscape metrics.
  • Help the Vulnerability Management team to Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities. 
  • Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

REQUIRED QUALIFICATIONS: 

  • Must Have hands on Linux/Unix experience and know how secure the systems. 
  • Understand how to implement security controls based on NIST 800-53. 
  • Must be able to conduct and lead technical reviews and analysis with infrastructure and application teams.
  • Must be able to troubleshoot security incidents and lead the other technical teams to resolve incidents as well as remediate the threats and concerns.
  • Must be able to provide guidance on security control implementation and perform technical tasks when needed for Windows, Linux/Unix environments.
  • Must be familiar with networking and other infrastructure components such as traffic flow, access management and Active Directory etc. 
  • Be able to manage cyber risks by providing guidance to secure system designs, baseline configuration assistance and administer ATO preparation activities. 
  • Be able to manage and administer the security tools and have hands on working experience with Tenable Nessus, Netsparker,  Trellix suite, Palo Alto, BigFix, Splunk, etc. and cloud-based equivalents. 
  • Must have experience with DevOps security controls implementation.
  • Must be familiar with GitHub, Docker and in general with the CI/CD pipeline security.
  • Assist in security incident response efforts.  
  • Work with other teams to integrate the NCATS Threat and Vulnerability Management processes with the patching cycles, baseline configurations and CIS benchmarks. 
  • Must be familiar with database server architecture and be able to provide security support to the database team. 
  • Must be familiar with Cloud environments and tools.   
  • Must be familiar with Risk Management Framework (RMF) and Government mandates such as continuous diagnostic mitigation (CDM) and Binding operations directives (BODs) 
  • Identify, analyze, and develop mitigation or remediation actions for POA&Ms 
  • Assist with a reliable patch and compliance management mechanism for all on-premises and cloud systems. 
  • Recommend, configure, and install advanced firewalls and centrally manage other security tools in multiple cloud environments. 

PREFERRED QUALIFICATIONS: 

  • BS degree in computer science, computer engineering, information systems, privacy engineering or related field of study. 
  • Bachelor's degree in a relevant technical discipline and 4+ years of overall related IT security compliance experience. 5+ years of additional related years of experience is accepted in lieu of a degree.  
  • Experience working with NIST 800-53 series guidance. 
  • Familiarity with Windows/Unix/Linux platforms. 
  • Familiarity with DevOps pipelines, code scanning, penetration testing etc. 
  • Experience in security compliance documentations such as SARS[MB1] [IJ2] , Waivers, Contingency and Incident Response plans, etc. 

 

 

Disclaimer:The above description is meant to illustrate the general nature of work and level of effort being performed by individuals assigned to this position or job description. This is not restricted as a complete list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description or responsibilities as needed.

The diversity of Zero Trust’s employees is a tremendous asset. We are firmly committed to providing equal opportunity in all aspects of employment and will not tolerate any illegal discrimination or harassment based on age, race, gender, religion, national origin, disability, marital status, covered veteran status, sexual orientation, status with respect to public assistance, and other characteristics protected under state, federal, or local law and to deter those who aid, abet, or induce discrimination or coerce others to discriminate.

Accessibility: If you need an accommodation as part of the employment process please contact: careers@axleinfo.com

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Select...
Select...
Select...
Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Axle’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.