Lead Cyber Security Engineer
Company: GRSi
Location: Bethesda
Posted on: April 8, 2021
Job Description:
Lead Cyber Security Engineer
Location: Bethesda, MD
GRSi, a Maryland Tech Council Top 5 Technology Company in Maryland,
is experiencing industry-leading growth, recognized by Inc Magazine
as one of the fastest growing companies in the country for 5 years,
and led by Maryland's CEO of the Year. As part of our growth, we
are searching for a driven and dynamic Lead Cyber Security Engineer
to manage and maintain the IT security posture of world-renowned
healthcare and research organizations in the Washington, DC metro
area, and around the world. This position is based in Bethesda, MD
at our state-of-the-art Technical Operations Center.
Job Description:
We are currently looking for a Lead Cyber Security Engineer to join
our team. This is an operational role focusing on security
remediation, i.e., remediating vulnerabilities, findings from
penetration tests, manual patching cleanup, EOL software and
operating system upgrades.
The ideal candidate will be experienced as an ISSO/Systems Engineer
with Windows and/or Linux OS experience to maintain, upgrade and
manage our software, hardware and networks. Resourcefulness is a
necessary skill in this role. You should be able to diagnose and
resolve problems quickly. You should have the ability to
communicate with a variety of interdisciplinary teams and users.
Your goal will be to ensure that our technology infrastructure runs
smoothly and efficiently, and that vulnerabilities are
remediated.
Responsibilities
- Act as a technical and cyber security engineering-focused
extension and source of support for the NHLBI Chief ISSO
- Provide technical and operational security support for IT
security including cipher lists/orders, documentation and
maintenance of the current security infrastructure
- Perform continuous monitoring and re-assessment of
administrative, physical, and technical security controls
- Execute tasks including, but not limited to, audit log review,
accounts review, patch reporting, configuration management, and
security impact analysis
- Perform vulnerability remediation and risk analyses of computer
systems and applications
- Support ongoing security awareness throughout the
organization
- Install and configure software and hardware
- Monitor network or system activities for malicious activity
- Recommend security solutions according to company and customer
policy and standards
- Report gaps as applicable with appropriate recommendations
- Ensure 100% encryption compliance with NIH, NHLBI security
policies
- Ensure 100% compliance of all Windows, Linux and Mac
desktop/workstations with NIH, HHS, and other Federal standard
security settings identified by the Client
- Ensure 100% compliance of all Windows, and Linux servers with
NIH, HHS, and other Federal standard security settings identified
by the Client
- Demonstrated knowledge of NIST, NIH, HHS, SANS, CWE guidance for
the SA&A, ability to recommend security controls
- Must understand and be able to explain vulnerabilities and
weaknesses, discuss effective defensive techniques with both
technical and non-technical audiences
- Strong understanding and demonstrated experience applying a
risk-based approach to information security and IT assessments
- Perform and provide timely (within SLAs) operational support for
remediation of vulnerabilities including HW, SW, website, and
applications identified by the Client
- Work with NIH CIT/IRT Security Team to ensure all assigned
vulnerability configuration remediation actions are completed
within the approved designated timeframe
- Respond to internal and external (to NIH) information security
alerts and incidents
- Manage and work with the NHLBI Security Team on the remediation
of Plan of Action and Milestones (POA&M) items
- Develop and implement information assurance/security standards
and procedures
- Comply with the escalation of security incidents policies and
procedures
- Verify installation and evaluation of new Software, perform
testing using NIH standard testing and security tools
- Perform, support hardening of all server and workstation desktop
images and configurations for security in accordance with guidance
from the Chief ISSO and other Security departments
- Coordinate and lead complex events to assess software and
hardware baselines to include the following technology areas:
Windows Server, Windows Desktops, Enterprise Linux/Unix, Mac, Cisco
switches and routers, VMware, JRE, Office products, DNS, Load
Balancers, web servers, etc.
- Develop, maintain, and coordinate complex C&A Plans and
Security Plans accreditation/authorization on assigned projects
- Perform / conduct STIG, CIS compliance checks on Windows,
Linux/Unix, Mac Operating Systems along with other devices like
network security appliances, switches, printers etc.; compile
STIG/CIS checklists
- Manage the enterprise-wide Vulnerability Management Process while
performing vulnerability assessments using vulnerability and
analytics security tools
- Manage the enterprise-wide Intrusion Detection and Prevention
Systems
- Implement a process of periodic review to ensure controls are
functioning effectively
- Lead and perform Security Control Assessment, Contingency Plan
Test in accordance with NIH Annual Assessment Guidance
- Develop and maintain Security Documents/deliverables like
SA&A Package, System Security Plan (SSP), Contingency Plan
(CP), Business Impact Assessment (BIA) etc., document mitigation
statements as well as detailed risk accepted statements
Areas of Focus
- Device Patching & Check-in Policy Implementation
- Anti-Virus SW Implementation
- Weak Ciphers Cleanup Efforts
- Configuration Compliance Cleanup Efforts
- Cloud security best practices
Requirements/Qualifications
- Bachelor's Degree in Computer Science, Information Technology or
Cybersecurity
- 12+ years of experience
- Professional experience troubleshooting OS and supporting client
configuration, and network access
- Ability to express complex concepts in a clear,
easy-to-understand manner with various levels of users and in
face-to-face interactions as well as in writing.
- Proven experience as a System Administrator
- Experience with databases, networks (LAN, WAN) and patch
management
- Knowledge of system security (e.g., intrusion detection systems)
and data backup/recovery
- Ability to create scripts in PowerShell, Bash, Ruby or Python
- Familiarity with various operating systems and platforms
- Resourcefulness and problem-solving aptitude
- Excellent communication skills
- Ability to obtain a Public Trust Clearance
Desired Certifications
- CompTIA Net+
- CompTIA A+
- CompTIA Security+
- CISSP Certified Information Systems Security Professional
- CPTE Certified Penetration Testing Engineer or CEH - Certified
Ethical Hacker
- SANS, CWE or other relevant certification
The Company:
Innovation, Collaboration and Agility - at GRSi these aren't
buzzwords, they're our mantra.
GRSi is an ISO certified and CMMI/dev-ML3 rated professional
services organization with expertise that covers all areas of
information technology and professional engineering services --
from systems integration; Agile, Iterative and Waterfall software
development; multi-tier infrastructure support; to full spectrum
cyber security and enterprise systems support. Regardless of the
program or the task, the excellence of GRSi is all about the
people. Our greatest asset is our ability to attract and retain
highly qualified professionals and our record growth this past year
means new opportunity.
GRSi is an Equal Opportunity/Affirmative Action employer. Qualified
applicants or employees will receive consideration for employment
without regard to race, color, religion, ethnic or national origin,
ancestry, age, sex, sexual orientation, gender identity, pregnancy
(including childbirth or related condition), citizenship, familial
status, mental or physical disability status, veteran status,
genetic information, other non-disqualifying disability, or any
other characteristic protected by law.
*2020 - Top 5 Gov't Contractor, MD Tech Council, 4th year*
*2020 - Inc Magazine Fastest Growing Companies, 6th year*
*2020 - G2Xchange NXT UP Federal Emerging Technology and Consulting
Firms*
*2019 - MD Tech Council CEO of the Year*
*ISO 9001:2015, 20000:2018 & 27001:2013 Certified / CMMI-ML3
Appraised*