NIH - Sr. Cybersecurity Engineer / Architect
Location
United States
Posted
5 days ago
Salary
Not specified
Seniority
Senior
Job Description
Qualifications:
- Bachelor’s degree in Computer Science, Cyber Security, or related field.
- 10+ years of cybersecurity engineering or security architecture experience.
- Experience designing and implementing security controls in federal or regulated environments.
- Security architecture and engineering practices
- NIST Risk Management Framework (RMF)
- NIST SP 800‑53 security controls
- FISMA compliance
- Security authorization / ATO processes
- Incident response and threat analysis
- Network security architecture and firewall management
- Lead security engineering and architecture activities
- Implement NIST 800-53 controls
- Advise development teams on secure SDLC practices
- Support incident response analysis
- Implement security controls and network protections
- Design, review, and implement secure architectures supporting hybrid scientific and IT environments across NCATS infrastructure.
- Provide technical leadership on security engineering solutions supporting secure system development and infrastructure modernization.
- Ensure architectures align with NIST SP 800‑53, NIST SP 800‑37, NIST SP 800‑160, FISMA, and NIH security policies.
- Integrate security engineering practices across the system development lifecycle (SDLC) using DevSecOps and security‑by‑design principles.
- Provide technical cybersecurity consulting to developers, engineers, and project stakeholders implementing NIST SP 800‑53 Rev. 5 security and privacy controls throughout system development.
- Participate in architecture discussions, sprint reviews, and design reviews to ensure security requirements are integrated into system design and implementation.
- Map system functionality to applicable security controls and develop control baselines aligned with system FIPS‑199 categorizations.
- Provide implementation guidance on encryption, identity management, logging, secure API management, and other security technologies.
- Assist with development of RMF artifacts including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs.
- Serve as a technical lead supporting incident response coordination, analysis, and remediation across NCATS systems.
- Coordinate with NCATS IT teams, security stakeholders, and the NIH Cyber Security Operations team.
- Perform incident triage, containment, analysis, escalation, and remediation activities.
- Conduct forensic analysis, malware review, and technical investigations supporting incident response activities.
- Develop incident reports documenting root cause, impact, remediation steps, and lessons learned.
- Support system authorization and assessment readiness activities for NCATS information systems.
- Conduct pre‑assessment reviews and security control validation to prepare systems for compliance with federal security requirements.
- Develop and maintain Authority to Operate (ATO) documentation and supporting artifacts.
- Support FedRAMP authorization activities where applicable.
- Assist with independent security assessments and remediation of identified vulnerabilities.
- Provide engineering support for network security architecture and firewall management across the NCATS environment.
- Design and maintain network segmentation strategies and security zones based on risk and sensitivity.
- Implement firewall rules based on least privilege and default‑deny principles.
- Conduct firewall configuration management, rule validation, and change control.
- Validate logging configurations across network devices to support federal logging and monitoring requirements.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
The role involves providing overall cybersecurity program oversight, coordinating Risk Management Framework (RMF) activities, and managing reporting to leadership for the National Institutes of Health (NIH) program. Duties also include overseeing Authority to Operate (ATO) readiness, coordinating security training, and ensuring cybersecurity services align with federal policies like FISMA and NIST SP 800-53.
The Regional Cyber Security Lead will drive the Cyber Security strategy within a designated region, collaborating with local managers to implement organizational and technical measures for compliance and maturity enhancement. Primary duties involve overseeing regional operations, developing security processes, conducting risk assessments, and acting as the IT/OT cyber security single point of contact.
Technical Development Representative – Animal Biosecurity
CDM SmithMore than an engineering & construction firm, we are a community passionate about meaningful projects and each other.
Technical Development Representative enhancing poultry biosecurity for Arxada.
Senior Counsel, Security and Technology
CoinbaseWe're building an open financial system for the world.
The Senior Counsel will advise on compliance with cybersecurity laws, assist with incident responses, provide regulatory guidance, and manage outside counsel related to security and technology issues.
