Information Security Operations Engineer
Arlington, Virginia
100% Remote
Full Time
$150k - $175k
Information Security Operations Engineer
The Information Security Operations Engineer will play a critical role in supporting the Cybersecurity Services (CSS) team. This position involves implementing NIST 800-53 security controls, providing technical security assistance to infrastructure, platform, and application teams, and overseeing the security posture of NCATS systems, inventory, and applications.
The company is located in Arlington, VA and will require a couple days onsite a quarter.
What You Will Be Doing:
Desired Skills & Experience:
Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.
The Information Security Operations Engineer will play a critical role in supporting the Cybersecurity Services (CSS) team. This position involves implementing NIST 800-53 security controls, providing technical security assistance to infrastructure, platform, and application teams, and overseeing the security posture of NCATS systems, inventory, and applications.
The company is located in Arlington, VA and will require a couple days onsite a quarter.
What You Will Be Doing:
- Manage daily cybersecurity operational tasks and projects, ensuring timely delivery.
- Lead and mentor the NCATS CSS Cybersecurity Operations team.
- Identify, analyze, and remediate security vulnerabilities, and present findings to management.
- Provide technical security support to infrastructure, cloud, and application development teams.
- Represent the NCATS CSS team in technical troubleshooting and provide security guidance.
- Secure systems and applications through hardening processes and ensure the safety of DevOps pipelines (e.g., Docker, GitHub).
- Proactively manage threats, vulnerabilities, and remediation efforts.
- Support ATO preparation efforts under the Risk Management Framework (RMF) and assist with System Security Plan (SSP) documentation.
- Facilitate stakeholder meetings and operational planning sessions.
- Monitor, analyze, and guide remediation for identified vulnerabilities, working with tools like Splunk, ServiceNow, Jira, and Confluence.
- Collaborate with vendors to address vulnerabilities and align with client requirements.
- Develop and report on security metrics for NCATS systems.
- Support incident response efforts and integrate vulnerability management processes into patching and baseline configurations.
-
- Proficiency in Linux/Unix, Windows environments, and Active Directory.
- Experience securing infrastructure components, networks, and DevOps pipelines.
- Familiarity with security tools such as Tenable Nessus, Palo Alto, BigFix, and Splunk.
- In-depth understanding of TCP/IP, networking principles, and database server security.
- Experience in cloud environments and tools.
- Expertise in implementing NIST 800-53 controls and RMF processes.
- Knowledge of Government mandates such as CDM and BODs.
- Experience with ATO preparation, security compliance documents, and POA&M management.
- Ability to lead technical reviews, troubleshoot incidents, and resolve threats.
- Strong analytical skills for risk management and secure system design.
Desired Skills & Experience:
-
- Bachelor’s degree in computer science, engineering, or a related field. Equivalent experience may be substituted for a degree.
- 4+ years of IT security compliance experience or 5+ additional years in lieu of a degree.
- Experience with NIST 800-53, DevOps pipelines, penetration testing, and security documentation (e.g., SARs, Waivers, Incident Response Plans).
Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.