Job Description: Cyber Security Engineer
Client: NIH – Cloud Operations and Security Team (OST)
Location: Remote / On-Site at NIH Campus, Bethesda, MD
Clearance Requirement: U.S. Citizen / Public Trust
Visas: H1B & USC ONLY
Overview: The Cyber Security Engineer will play a critical role within the Cloud Operations and Security Team (OST) at the National Institutes of Health (NIH). The engineer will be responsible for ensuring the secure architecture, management, and ongoing operational support of NIH's cloud environments, which include Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and GitHub Enterprise Cloud. As the OST team evolves with the increasing cloud adoption across NIH, the engineer will help drive secure cloud solutions by integrating and assessing new cloud technologies while adhering to security best practices and NIH-specific regulatory requirements.
Responsibilities:
- Architect, implement, and maintain security frameworks for cloud environments (AWS, GCP, Azure, OCI) used across NIH, ensuring compliance with federal security regulations and NIH-specific policies.
- Conduct regular security assessments, vulnerability scans, and audits to ensure cloud environments are protected against emerging threats and vulnerabilities.
- Monitor cloud environments to detect, respond to, and mitigate security incidents, using industry-standard SIEM tools and cloud-native security features.
- Collaborate with the Cloud Operations and Security Team to assess, evaluate, and adopt new cloud technologies while ensuring robust security controls are in place.
- Implement and enforce cloud security best practices, including identity and access management (IAM), data encryption, threat intelligence, logging and monitoring, and incident response automation.
- Develop and maintain secure configurations for cloud PaaS and SaaS solutions, such as GitHub Enterprise Cloud, aligning with NIH's security requirements.
- Participate in the design and implementation of NIH's enterprise cloud security strategy, ensuring scalability to meet future cloud demand.
- Work closely with NIH’s Office of Cybersecurity (OCS) to ensure cloud environments comply with FISMA, FedRAMP, and NIST 800-53 standards.
- Create and maintain detailed documentation on security architecture, policies, procedures, and incident response playbooks for NIH's cloud infrastructure.
- Provide subject matter expertise on cloud security to cross-functional teams, ensuring that security principles are embedded into the design, deployment, and operation of all NIH cloud services.
- Lead and participate in security reviews and testing of cloud infrastructure to ensure it meets NIH’s evolving security requirements.
Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field. Master’s degree preferred.
- 5+ years of experience in Cybersecurity with a focus on cloud security, cloud operations, or cloud architecture.
- Expertise in securing multi-cloud environments, including AWS, Azure, GCP, and OCI.
- Hands-on experience with cloud security tools such as AWS GuardDuty, Azure Security Center, GCP Security Command Center, and cloud-native logging and monitoring solutions.
- In-depth knowledge of security best practices, compliance frameworks, and risk management methodologies, including FISMA, FedRAMP, and NIST 800-53.
- Proficiency in automation and scripting (e.g., Python, PowerShell) for cloud security tasks, such as automating incident response and threat hunting.
- Familiarity with secure DevOps practices (DevSecOps), including Continuous Integration/Continuous Deployment (CI/CD) pipelines, code scanning, and vulnerability management.
- Certifications such as CISSP, CCSP, AWS Certified Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer are strongly preferred.
- Strong analytical and problem-solving skills, with the ability to work in a fast-paced environment and manage competing priorities.
Desired Experience:
- Experience supporting large-scale, enterprise cloud infrastructures in a federal government setting.
- Previous experience working with security teams in regulated environments such as NIH, or other federal health or research organizations.
- Ability to stay current with emerging cloud technologies, threats, and vulnerabilities, applying this knowledge to continuously improve NIH’s security posture.
- Strong communication skills, both written and verbal, with the ability to provide clear documentation and present findings to technical and non-technical stakeholders.
Key Metrics and SLAs:
- 100% compliance with NIH’s cybersecurity policies and standards for cloud environments.
- Incident response time within 24 hours for critical security events.
- Annual security assessments and audits completed on time, with remediation plans developed for all findings.
- Zero unauthorized access incidents to NIH cloud environments.