• Senior IT Security Engineer

    Posted Date 3 weeks ago(5/28/2018 5:06 PM)
    Job ID
    # of Openings
    Job Location(s)
    Business Development
  • Overview

    Medical Science & Computing (MSC) is an exciting growth oriented company, dedicated to providing mission critical scientific and technical services to the Federal Government. We have a distinguished history of supporting the National Institutes of Health (NIH) and other government agencies. MSC offers a dynamic and upbeat work environment, excellent benefits and career growth opportunities.


    We attract the best people in the business with our competitive benefits package that includes medical, dental and vision coverage, 401k plan with employer contribution, paid holidays, vacation, Medical and Flexible Spending Accounts, Pre-Tax Transit Assistance and tuition reimbursement. If you enjoy being a part of a high performing, professional service and technology focused organization, please apply today!


    Duties & Responsibilities

    Medical Science & Computing is searching for a Senior IT Security Engineer to support enterprise information technology support teams at the National Institutes of Health (NIH).

    Primary Responsibilities:

    • Assist the Information System Security Officer (ISSO) and other IT management to ensure compliance with all applicable security regulations and policies.
    • Promote security awareness throughout IT teams and end-user communities via routine and emergency communications and campaigns as appropriate.
    • Manage security incidents throughout their full lifecycle, including communication and notifications, staff coordination, forensic analysis, after action reporting, and follow-up improvement planning based on lessons learned.
    • Support criminal and/or ethical investigations, providing accurate and timely information and maintaining confidentiality.  
    • Install, configure, monitor, and maintain firewalls.
    • Install, configure, and maintain security scanning tools; maintain inventory; troubleshoot performance issues; adjust rules as needed to improve detection rates and reduce false positives.
    • Perform routine application and server scanning using tools such as IBM App Scan and the Tenable Nessus suite; analyze results and advise system owners on remediation requirements and mitigation strategies; monitor, report on, and verify success of remediation efforts.
    • Coordinate ongoing and emergency security patching of all servers, systems, and desktops/laptops/tablets using tools such as Microsoft WSUS, IBM BigFix, ASUS, and Puppet.
    • Implement and maintain systems for continuous 24/7 monitoring and alerting. Analyze monitoring data; identify remediation and improvement areas; communicate findings, consult on solutions; oversee action plan implementation; verify results.
    • Perform system and application log consolidation, review, and analysis and security monitoring on a daily basis.
    • Work with server and desktop management teams to install, configure, maintain, and support encryption, endpoint security, and anti-malware software for preventing viruses, identifying compromises, remediating infections, and confirming resolutions.
    • Identify industry recognized security configuration baselines for enterprise adoption and/or create new security configuration baselines where there is a recognized need but no formal baselines yet exist; work to promote adoption and compliance; auditing systems and processes and remediating as needed.
    • Consult with users as needed to determine security compliance and recommend best practices and solutions that meet their needs and secure their systems.
    • Create, revise, and disseminate security-related communications, documentation, SOPs, performance plans and measures, and reports.
    • Participate in enterprise-wide security working groups to advocate for customer requirements and support best practices in solutions development.
    • Assess technologies, processes, and services to identify potential improvement targets; collect data; monitor performance metrics; make recommendations; plan corrective and continual improvement actions/projects.
    • Establish, manage, and maintain security policy waiver process; keep detailed and accurate records; coordinate/monitor mitigation actions.




    Basic Qualifications:

    • Bachelor’s Degree in Computer Science, Information Systems Management, or other related discipline
    • Minimum of eight years of experience in enterprise security management roles in complex, research-oriented environments.
    • Advanced certifications to demonstrate level of security expertise such as one or more of the following:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Systems Auditor (CISA)
      • Certified Information Security Manager (CISM)
      • Certified Ethical Hacker (CEH)
      • Certified in Risk and Information Systems Control (CRISC)
      • GIAC Certified Enterprise Defender (GCED)
      • GIAC Certified Forensic Analyst (GCFA)
      • GIAC Certified Intrusion Analyst (GCIA)
      • GIAC Certified Penetration Tester (GPEN)
      • GIAC Certified Project Manager Certification (GCPM)
      • GIAC Network Forensic Analyst (GNFA)
      • GIAC Security Expert (GSE)
      • GIAC Security Leadership Certification (GSLC)
      • GIAC Strategic Planning, Policy, and Leadership (GSTRT)
      • GIAC Systems and Network Auditor (GSNA)
    • Proficiency in the implementation and utilization of the following tools:
      • IBM Rational AppScan
      • Palo Alto Firewall Management
      • Tenable Nessus Scanners
      • Tenable Security Center
      • ESET NOD32 Anti-Virus Software
      • Splunk Log Management and Analysis Software
      • Enterasys SEIM
      • BitLocker
      • GMER
      • MALbytes
    • Expertise in federal requirements: FISMA, NIST, etc.
    • Demonstrated understanding of and experience implementing and improving processes within an ITIL-based environment; minimum of ITIL Foundation certification preferred
    • Excellent organization and technical project management skills using both traditional and agile methodologies; familiarity with IT project governance and HHS Enterprise Project Life Cycle (EPLC); PMP certification preferred
    • Ability to effectively and confidently communicate – in writing and presenting – complex topics and procedures with team members and all levels of customer stakeholders
    • Excellent customer service skills in working with customer leads and stakeholders
    • Excellent attention to detail, quality, and follow-through
    • Commitment to continuous improvement and the elimination of performance variability
    • Ability to adapt to rapidly changing requirements with a flexible and creative approach to brainstorming, troubleshooting, and problem solving
    • Ability to meet all requirements for obtaining and maintaining a Public Trust Clearance




    Medical Science & Computing is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected Veteran status.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed